sabre-mythx

Maintainers: 4
Versions: 57

Minimum viable client for the MythX smart contract security analysis service


Weekly downloads: 16 (increased by 45.45%)

Sabre


Sabre is an experimental MythX client. It analyzes Solidity smart contracts using the MythX cloud service.

Usage

Installation

$ npm install -g sabre-mythx

API Credentials

Use Metamask or a web3-enabled browser to sign up for a free account on the MythX website and set your API password. Then set up your environment, using the Ethereum address you signed up with as the username (for convenience, add these two lines to your .bashrc or .bash_profile).

export MYTHX_ETH_ADDRESS=0x(...)
export MYTHX_PASSWORD=password

Usage

$ sabre [options] <solidity_file> [contract_name]

OPTIONS:
    --version                                       Print version
    --help                                          Print help message
    --apiVersion                                    Print MythX API version
    --mode <quick/full>                             Analysis mode (default=quick)
    --format <text/stylish/compact/table/html/json> Output format (default=text)
    --clientToolName <string>                       Override clientToolName
    --noCacheLookup                                 Deactivate MythX cache lookups
    --debug                                         Print MythX API request and response

A 'quick' analysis takes 20 - 120 seconds to finish while a 'full' mode analysis takes approximately 30 minutes.

Example

$ sabre contracts/vulnerable.sol 
✔ Loaded solc v0.5.10 from local cache
✔ Compiled with solc v0.5.10 successfully
✔ Analysis job with UUID 647cefa9-51e6-47b1-a293-bb17dd1b991a is now in progress
==== Unprotected SELFDESTRUCT Instruction ====
Severity: High
File: /Users/bernhardmueller/Projects/sabre/contracts/vulnerable.sol
Link: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-106
--------------------
The contract can be killed by anyone.
Anyone can kill this contract and withdraw its balance to an arbitrary address.
--------------------
Location: from 7:8 to 7:32

selfdestruct(msg.sender)
--------------------
Transaction Sequence:

Tx #1:
    Origin: 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef [ ATTACKER ]
    Function: f() [ 26121ff0 ]
    Data: 0x26121ff0
    Value: 0x0

==== Floating Pragma ====
Severity: Low
File: /Users/bernhardmueller/Projects/sabre/contracts/vulnerable.sol
Link: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103
--------------------
A floating pragma is set.
It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.7" are allowed.
--------------------
Location: from 1:0 to 1:23

pragma solidity ^0.5.7;
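
One way to turn the text report above into a pass/fail check, as an added example that is not part of the Sabre README or code base. It parses the default text format as printed in the sample; the function names `parseSabreReport` and `blockingFindings` and the "Medium" severity level are assumptions.

```javascript
// Added example, not sabre's own code. Assumption: a "Medium" level sits between Low and High.
const SEVERITY_RANK = new Map([['low', 1], ['medium', 2], ['high', 3]]);

// Start a finding at each "==== Title ====" header, then collect its labelled fields.
function parseSabreReport(text) {
  const findings = [];
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    let m = line.match(/^==== (.+) ====$/);
    if (m) {
      current = { title: m[1], severity: null, file: null, swc: null, location: null };
      findings.push(current);
    } else if (!current) {
      continue; // progress lines printed before the first finding
    } else if ((m = line.match(/^Severity:\s*(\w+)$/))) {
      current.severity = m[1].toLowerCase();
    } else if ((m = line.match(/^File:\s*(.+)$/))) {
      current.file = m[1];
    } else if ((m = line.match(/^Link:\s*\S*\/(SWC-\d+)$/))) {
      current.swc = m[1];
    } else if ((m = line.match(/^Location: from (\d+):(\d+) to (\d+):(\d+)$/))) {
      current.location = { startLine: +m[1], startCol: +m[2], endLine: +m[3], endCol: +m[4] };
    }
  }
  return findings;
}

// Findings at or above minSeverity; a missing or unrecognised severity blocks (fail closed).
function blockingFindings(findings, minSeverity = 'high') {
  const min = SEVERITY_RANK.get(minSeverity);
  if (min === undefined) throw new Error(`unknown severity threshold: ${minSeverity}`);
  return findings.filter((f) => (SEVERITY_RANK.get(f.severity) ?? Infinity) >= min);
}

// Constructed sample: the report shown above, abridged, with the file path shortened.
const SAMPLE_REPORT = `✔ Compiled with solc v0.5.10 successfully
==== Unprotected SELFDESTRUCT Instruction ====
Severity: High
File: contracts/vulnerable.sol
Link: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-106
Location: from 7:8 to 7:32
==== Floating Pragma ====
Severity: Low
Link: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103
`;

const blocking = blockingFindings(parseSabreReport(SAMPLE_REPORT));
console.log(blocking.map((f) => `${f.severity} ${f.swc} ${f.title}`).join('\n'));
```

In a pipeline, pass the captured output of `sabre <solidity_file>` to `parseSabreReport` and fail the build when `blockingFindings` returns a non-empty list.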

Writing your own MythX Tools

MythX tool builders will earn revenue share in Dai when we go live with paid subscription plans. Details will be released soon. Ping us on Discord if you'd like to get involved.

Some links:


Package last updated on 03 Sep 2019
