@cleanunicorn/mythos
Advanced tools
A CLI client for MythX
Install globally using:
$ npm -g install @cleanunicorn/mythos
Use this to scan Solidity source code.
You need to provide your MythX address and password.
As an env variable:
$ export MYTHX_ETH_ADDRESS='mythxEthAddress'
$ export MYTHX_PASSWORD='mythxPassword'
$ mythos analyze ./contract.sol Contract
Or as flags:
$ mythos analyze ./contract.sol Contract \
--mythxEthAddress=mythxEthAddress \
--mythxPassword=mythxPassword
Example:
$ mythos analyze no-pragma.sol NoPragma
Reading contract no-pragma.sol... done
Compiling with Solidity version: latest
› Warning: no-pragma.sol:1:1: Warning: Source file does not specify required compiler version! Consider adding "pragma solidity ^0.5.7;"
› contract NoPragma {
› ^ (Relevant source part starts here and spans across multiple lines).
›
Compiling contract no-pragma.sol... done
Analyzing contract NoPragma... done
UUID: 9350d5c4-b89f-43ef-b1f7-48840fee8a02
API Version: v1.4.12
Harvey Version: 0.0.16
Maestro Version: 1.2.6
Maru Version: 0.4.2
Mythril Version: 0.20.3
Report found 2 issues
Meta:
Covered instructions: 40
Covered paths: 4
Selected compiler version: v0.4.25
Title: (SWC-106) Unprotected SELFDESTRUCT Instruction
Severity: High
Head: The contract can be killed by anyone.
Description: Anyone can kill this contract and withdraw its balance to an arbitrary address.
Source code:
no-pragma.sol 3:8
--------------------------------------------------
selfdestruct(msg.sender)
--------------------------------------------------
==================================================
Title: (SWC-103) Floating Pragma
Severity: Medium
Head: No pragma is set.
Description: It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently no version is set in the Solidity file.
Source code:
no-pragma.sol 1:0
--------------------------------------------------
--------------------------------------------------
==================================================
Done
$ npm install -g @cleanunicorn/mythos
$ mythos COMMAND
running command...
$ mythos (-v|--version|version)
@cleanunicorn/mythos/0.13.0 linux-x64 node-v10.19.0
$ mythos --help [COMMAND]
USAGE
$ mythos COMMAND
...
mythos analyze CONTRACTFILE CONTRACTNAMEScan a smart contract with MythX API
USAGE
$ mythos analyze CONTRACTFILE CONTRACTNAME
ARGUMENTS
CONTRACTFILE Contract file to scan
CONTRACTNAME Contract name
OPTIONS
-h, --help show CLI help
--analysisMode=analysisMode [default: quick] Define the analysis mode when requesting a scan. Choose one from:
quick, full.
--mythxEthAddress=mythxEthAddress (required)
--mythxPassword=mythxPassword (required)
--solcVersion=solcVersion Solidity version to use when compiling (example: 0.4.21). If none is specified it
will try to identify the version from the source code.
--timeout=timeout [default: 180] How many seconds to wait for the result
See code: src/commands/analyze.ts
mythos get-analysis UUIDRetrieve analysis results scanned with MythX API
USAGE
$ mythos get-analysis UUID
ARGUMENTS
UUID uuid to retrive analysis results
OPTIONS
-h, --help show CLI help
--mythxEthAddress=mythxEthAddress (required)
--mythxPassword=mythxPassword (required)
See code: src/commands/get-analysis.ts
mythos help [COMMAND]display help for mythos
USAGE
$ mythos help [COMMAND]
ARGUMENTS
COMMAND command to show help for
OPTIONS
--all see all commands in CLI
See code: @oclif/plugin-help
Before you start hacking away, make sure to install dependencies.
$ npm i
Add your tests, code and make sure tests work.
$ npm test
If you need to update the test golden files you need to enable GENERATE_GOLDEN when running tests.
$ GENERATE_GOLDEN=true npm test
Update version number in package.json version to the new number without v (i.e. 0.12.3)
{
"name": "@cleanunicorn/mythos",
"description": "A CLI client for MythX",
"version": "0.12.3",
...
Update the Changelog section in readme and add a description of what was changed.
* [0.12.3](https://github.com/cleanunicorn/mythos/releases/tag/v0.12.3)
* Describe new functionality added.
And run oclif to update other sections of the readme.
$ npx oclif-dev readme
Tag your commit with the same version number preceded by a v (i.e. v0.12.3).
$ git add .
$ git commit -m "Describe new functionality added."
$ git tag v0.12.3
Finally publish the package.
$ npm publish --access public
eslint-utils to 1.4.2 because of a security issue.lodash.template to 4.5.0 because of a security issue.folder\file.sol are transformed to folder/file.sol.output.txt file from repo.mainSource.get-analysis to save response as issues-${uuid}.jsonSeverity to output.--analysisMode can be full or quick.FAQs
A CLI client for MythX
The npm package @cleanunicorn/mythos receives a total of 15 weekly downloads. As such, @cleanunicorn/mythos popularity was classified as not popular.
We found that @cleanunicorn/mythos demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.