Requirements: Latest OS X (at the time of writing this: Big Sur), npm, node, python 3.9, pip, ganache-cli, truffle, Docker, solc-select.
We’ll be installing MythX and Cryptic’s Slither: 2 well-known tools for static analysis auditing of smart contracts.
There are two ways to use MythX. One is with the remix plugin, which we will not be going over, and the other is by installing it locally, which we will cover.
So, let’s get started!
Open your shell and run the following:
pip install mythx-cli
This will install the Mythx CLI. After this, you will be able to run mythx
and see a bunch of helpful commands.
Please follow the Mythx.org instructions on setting up an trial account, then grab your API key in your MythX Dashboard.
Change your directory in your shell to a folder containing a simple truffle project with smart contracts that you wish to audit with MythX.
mythx --username USERNAME --password "PASSWORD" --api-key APIKEYHERE analyze ./ DIRECTORY_OR_SINGLE_SOL_FILE_HERE.SOL
This will start a MythX scan. You can only run a quick scan that you can do on the trial version of MythX, rather than a ‘deep’ or ‘standard’ scan.
The results should look like this:
Let’s run another one!
Install Slither by running the command:
pip3 install slither-analyzer
Or you can use Github to install it:
$ git clone https://github.com/crytic/slither.git && cd slither
$ python3 setup.py install
You will need to have Docker Desktop running in the background for this.
Make sure you are using solc 0.5.0 before running Slither, otherwise you will get an error. You can check by running solc --version
to double check.
So, run solc use 0.5.0
if your solc version is different from 0.5.0 for this file before running slither Coin.sol
within the contracts/
directory.
From the contracts/
directory of your truffle project, run:
slither Coin.sol
This will run slither on this specific file.
The results of running Slither on the same project are: