Home

Awesome

šŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØ

Repository has moved

This repository is no longer maintained. embark-mythx is now under the care of Embark Labs.

šŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØ

Running MythX analyses in Status Embark

GitHub license npm

Status Embark plugin for MythX.

This plugin brings MythX to Status Embark. Simply call verify from the Embark console and embark-mythx sends your contracts off for analysis. It is inspired by truffle-security and uses its source mapping and reporting functions.

šŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØ

Repository has moved

This repository is no longer maintained. embark-mythx is now under the care of Embark Labs.

šŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØšŸšØ

QuickStart

  1. Create a .env file in the root of your project and provide your MythX login information. Free MythX accounts can be created at https://dashboard.mythx.io/#/registration.
MYTHX_USERNAME="<mythx-username>"
MYTHX_PASSWORD="<password>"

NOTE: MYTHX_ETH_ADDRESS has been deprecated in favour of MYTHX_USERNAME and will be removed in future versions. Please update your .env file or your environment variables accordingly.

MYTHX_USERNAME may be either of:

For more information, please see the MythX API Login documentation.

  1. Run verify [options] [contracts] in the Embark console. When the call returns, it will look something like this:
Embark (development) > verify
embark-mythx: Running MythX analysis in background.
embark-mythx: Submitting 'ERC20' for analysis...
embark-mythx: Submitting 'SafeMath' for analysis...
embark-mythx: Submitting 'Ownable' for analysis...

embark-mythx:
/home/flex/mythx-plugin/testToken/.embark/contracts/ERC20.sol
  1:0  warning  A floating pragma is set  SWC-103

āœ– 1 problem (0 errors, 1 warning)

embark-mythx: MythX analysis found vulnerabilities.

Installation

  1. Install this plugin from the root of your Embark project:
$ npm i embark-mythx
# or
$ npm i flex-dapps/embark-mythx
  1. Add embark-mythx to the plugins section of your embark.json file. To have the plugin permanently ignore one or multiple contracts, add them to the configuration:
"plugins": {
  "embark-mythx": {
    "ignore": ["Ownable", "Migrations"]
  }
}

Usage

verify [--full] [--debug] [--limit] [--initial-delay] [<contracts>]
verify status <uuid>
verify help

Options:
	--full, -f		Perform full instead of quick analysis (not available on free MythX tier).
	--debug, -d		Additional debug output.
	--limit, -l		Maximum number of concurrent analyses.
	--initial-delay, -i	Time in seconds before first analysis status check.

	[<contracts>]		List of contracts to submit for analysis (default: all).
	status <uuid>		Retrieve analysis status for given MythX UUID.
	help			This help.

Example Usage

# Quick analysis on all contracts in project
$ verify

# 'ERC20' and 'Ownable' full analysis
$ verify ERC20 Ownable --full

# Check status of previous or ongoing analysis
$ verify status ef5bb083-c57a-41b0-97c1-c14a54617812