A beginner’s guide to MythX
A detailed, step-by-step howto guide on how to use MythX with Remix, showing as well as the differences between MythX and MythX Pro.
MythX is a tool for finding smart contract weaknesses. For our single developers and dev teams, we offer two plans: MythX and MythX Pro.
(We also offer custom plans too; contact us for details.)
We recently posted about the differences between MythX and MythX Pro. But you may find it more useful to see an actual scenario involving testing a smart contract using MythX.
Let’s meet Sam.
Contract and scenario
Sam is a smart contract developer, who is working on a project that will pay out multiple people at once based on balances stored in a contract.
After some research and testing, Sam has come up with this:
pragma solidity 0.5.11;
contract Demo {
address payable owner;
address payable[] receivers;
mapping (address => uint256) balance;
constructor() public {
owner = msg.sender;
}
function setReceivers(address payable[] memory _receivers) public {
receivers = _receivers;
}
function deposit() public payable {
balance[msg.sender] += msg.value;
receivers.push(msg.sender);
}
function payReceivers() public {
for(uint256 i = 0; i < receivers.length; i++) {
(bool success,) = receivers[i].call.value(balance[receivers[i]])("");
require(success);
}
}
function die(address caller) public {
require(caller == msg.sender);
selfdestruct(msg.sender);
}
}
As a work in progress, Sam isn’t quite ready for a manual audit yet, but wants to check the contract for weaknesses now. This way, one can fix the most obvious problems before getting to the audit.
Running MythX
Sam’s tool of choice is Remix, so this is what we’ll be using here. (You can follow along too, though you can use any tool of your choice. The results will be the same.)
- Open Remix.
- Open the contract file in the editor.
- Use the Solidity compiler to compile your contract.
- Enable the MythX plugin by going to the Plugin Manager, finding MythX Security Verification, and click Activate.
Thinking about smart contract security? We can provide training, ongoing advice, and smart contract auditing. Contact us.