Comparing chainlink with mythril
chainlink
View full →Author
@0xinit
Stars
53
Repository
0xinit/cryptoskills
skills/chainlink/SKILL.md
Chainlink
Chainlink provides decentralized oracle infrastructure: price feeds for DeFi pricing, VRF for provably fair randomness, Automation for scheduled/conditional on-chain execution, and CCIP for cross-chain messaging and token transfers.
What You Probably Got Wrong
latestRoundData()returnsint256, notuint256— Price can be negative (e.g., oil futures in 2020). Always checkanswer > 0before casting.- Decimals vary per feed — ETH/USD has 8 decimals, ETH/BTC has 18 decimals, USDC/USD has 8. Always call
decimals()or hardcode per known feed. Never assume 8. - VRF v2 is deprecated — use VRF v2.5 — VRF v2.5 supports both LINK and native payment, uses
requestRandomWords()with a struct parameter, and has a different coordinator interface. Most LLM training data references VRF v2. - Staleness is not optional — A price feed can return a stale answer if the oracle network stops updating. You must check
updatedAtagainst a heartbeat threshold. Feeds without staleness checks have caused protocol-draining exploits. roundIdcan be zero on L2s — On Arbitrum/Optimism sequencer feeds, round semantics differ. Do not rely onroundIdfor ordering on L2 feeds.- CCIP is not Chainlink VRF — They are separate products. CCIP handles cross-chain messaging; VRF handles randomness. Different contracts, different billing.
- Automation renamed from Keepers — The product is now called Chainlink Automation, not Keepers. The interface names changed:
KeeperCompatibleInterfaceis nowAutomationCompatibleInterface.
Price Feeds
AggregatorV3Interface
The core interface for reading Chainlink price data on-chain.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/shared/interfaces/AggregatorV3Interface.sol";
contract PriceConsumer {
AggregatorV3Interface internal immutable priceFeed;
// ETH/USD heartbeat: 3600s on mainnet, 86400s on Arbitrum
uint256 private constant STALENESS_THRESHOLD = 3600;
constructor(address feedAddress) {
priceFeed = AggregatorV3Interface(feedAddress);
}
function getLatestPrice() public view returns (int256 price, uint8 feedDecimals) {
(
uint80 roundId,
int256 answer,
/* uint256 startedAt */,
uint256 updatedAt,
uint80 answeredInRound
) = priceFeed.latestRoundData();
if (answer <= 0) revert InvalidPrice();
if (updatedAt == 0) revert RoundNotComplete();
if (block.timestamp - updatedAt > STALENESS_THRESHOLD) revert StalePrice();
if (answeredInRound < roundId) revert StaleRound();
return (answer, priceFeed.decimals());
}
/// @notice Normalize a feed answer to 18 decimals
function normalizeToWad(int256 answer, uint8 feedDecimals) public pure returns (uint256) {
if (answer <= 0) revert InvalidPrice();
if (feedDecimals <= 18) {
return uint256(answer) * 10 ** (18 - feedDecimals);
}
return uint256(answer) / 10 ** (feedDecimals - 18);
}
error InvalidPrice();
error RoundNotComplete();
error StalePrice();
error StaleRound();
}
Reading Price Feeds with TypeScript (viem)
import { createPublicClient, http, parseAbi } from "viem";
import { mainnet } from "viem/chains";
const AGGREGATOR_V3_ABI = parseAbi([
"function latestRoundData() external view returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)",
"function decimals() external view returns (uint8)",
"function description() external view returns (string)",
]);
// ETH/USD on Ethereum mainnet
const ETH_USD_FEED = "0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419" as const;
const STALENESS_THRESHOLD = 3600n;
const client = createPublicClient({
chain: mainnet,
transport: http(process.env.RPC_URL),
});
async function getPrice(feedAddress: `0x${string}`) {
const [roundData, feedDecimals] = await Promise.all([
client.readContract({
address: feedAddress,
abi: AGGREGATOR_V3_ABI,
functionName: "latestRoundData",
}),
client.readContract({
address: feedAddress,
abi: AGGREGATOR_V3_ABI,
functionName: "decimals",
}),
]);
const [roundId, answer, , updatedAt, answeredInRound] = roundData;
if (answer <= 0n) throw new Error("Invalid price: non-positive");
if (updatedAt === 0n) throw new Error("Round not complete");
const now = BigInt(Math.floor(Date.now() / 1000));
if (now - updatedAt > STALENESS_THRESHOLD) {
throw new Error(`Stale price: ${now - updatedAt}s old`);
}
if (answeredInRound < roundId) {
throw new Error("Stale round: answeredInRound < roundId");
}
// Normalize to 18 decimals
const normalized =
feedDecimals <= 18
? answer * 10n ** (18n - BigInt(feedDecimals))
: answer / 10n ** (BigInt(feedDecimals) - 18n);
return {
raw: answer,
decimals: feedDecimals,
normalized,
updatedAt,
};
}
// Usage
const ethPrice = await getPrice(ETH_USD_FEED);
console.log(`ETH/USD: $${Number(ethPrice.raw) / 10 ** ethPrice.decimals}`);
L2 Sequencer Uptime Feed
On L2s, check the sequencer uptime feed before trusting price data. If the sequencer was recently restarted, prices may be stale while oracles catch up.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/shared/interfaces/AggregatorV3Interface.sol";
contract L2PriceConsumer {
AggregatorV3Interface internal immutable sequencerUptimeFeed;
AggregatorV3Interface internal immutable priceFeed;
// Grace period after sequencer comes back online
uint256 private constant GRACE_PERIOD = 3600;
constructor(address _sequencerFeed, address _priceFeed) {
sequencerUptimeFeed = AggregatorV3Interface(_sequencerFeed);
priceFeed = AggregatorV3Interface(_priceFeed);
}
function getPrice() external view returns (int256) {
(, int256 sequencerAnswer, , uint256 sequencerUpdatedAt, ) =
sequencerUptimeFeed.latestRoundData();
// answer == 0 means sequencer is up, answer == 1 means down
if (sequencerAnswer != 0) revert SequencerDown();
if (block.timestamp - sequencerUpdatedAt < GRACE_PERIOD) revert GracePeriodNotOver();
(, int256 price, , uint256 updatedAt, ) = priceFeed.latestRoundData();
if (price <= 0) revert InvalidPrice();
if (block.timestamp - updatedAt > 86400) revert StalePrice();
return price;
}
error SequencerDown();
error GracePeriodNotOver();
error InvalidPrice();
error StalePrice();
}
VRF v2.5
Chainlink VRF v2.5 provides provably fair, verifiable randomness. It uses subscription-based billing and supports payment in LINK or native token.
Requesting Randomness
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {VRFConsumerBaseV2Plus} from "@chainlink/contracts/src/v0.8/vrf/dev/VRFConsumerBaseV2Plus.sol";
import {VRFV2PlusClient} from "@chainlink/contracts/src/v0.8/vrf/dev/libraries/VRFV2PlusClient.sol";
contract RandomConsumer is VRFConsumerBaseV2Plus {
uint256 public immutable subscriptionId;
bytes32 public immutable keyHash;
// 200k gas covers most callbacks; increase for complex logic
uint32 private constant CALLBACK_GAS_LIMIT = 200_000;
uint16 private constant REQUEST_CONFIRMATIONS = 3;
uint32 private constant NUM_WORDS = 1;
mapping(uint256 => address) public requestToSender;
mapping(address => uint256) public results;
event RandomnessRequested(uint256 indexed requestId, address indexed requester);
event RandomnessFulfilled(uint256 indexed requestId, uint256 randomWord);
constructor(
uint256 _subscriptionId,
address _vrfCoordinator,
bytes32 _keyHash
) VRFConsumerBaseV2Plus(_vrfCoordinator) {
subscriptionId = _subscriptionId;
keyHash = _keyHash;
}
function requestRandom() external returns (uint256 requestId) {
requestId = s_vrfCoordinator.requestRandomWords(
VRFV2PlusClient.RandomWordsRequest({
keyHash: keyHash,
subId: subscriptionId,
requestConfirmations: REQUEST_CONFIRMATIONS,
callbackGasLimit: CALLBACK_GAS_LIMIT,
numWords: NUM_WORDS,
extraArgs: VRFV2PlusClient._argsToBytes(
// false = pay with LINK, true = pay with native
VRFV2PlusClient.ExtraArgsV1({nativePayment: false})
)
})
);
requestToSender[requestId] = msg.sender;
emit RandomnessRequested(requestId, msg.sender);
}
function fulfillRandomWords(
uint256 requestId,
uint256[] calldata randomWords
) internal override {
address requester = requestToSender[requestId];
results[requester] = randomWords[0];
emit RandomnessFulfilled(requestId, randomWords[0]);
}
}
VRF Subscription Management (TypeScript)
import { createWalletClient, http, parseAbi } from "viem";
import { mainnet } from "viem/chains";
import { privateKeyToAccount } from "viem/accounts";
const VRF_COORDINATOR_ABI = parseAbi([
"function createSubscription() external returns (uint256 subId)",
"function addConsumer(uint256 subId, address consumer) external",
"function removeConsumer(uint256 subId, address consumer) external",
"function getSubscription(uint256 subId) external view returns (uint96 balance, uint96 nativeBalance, uint64 reqCount, address subOwner, address[] consumers)",
"function fundSubscriptionWithNative(uint256 subId) external payable",
]);
const account = privateKeyToAccount(process.env.PRIVATE_KEY as `0x${string}`);
const walletClient = createWalletClient({
account,
chain: mainnet,
transport: http(process.env.RPC_URL),
});
// Ethereum mainnet VRF Coordinator v2.5
const VRF_COORDINATOR = "0xD7f86b4b8Cae7D942340FF628F82735b7a20893a" as const;
async function createSubscription() {
const hash = await walletClient.writeContract({
address: VRF_COORDINATOR,
abi: VRF_COORDINATOR_ABI,
functionName: "createSubscription",
});
console.log("Subscription created, tx:", hash);
return hash;
}
async function addConsumer(subId: bigint, consumerAddress: `0x${string}`) {
const hash = await walletClient.writeContract({
address: VRF_COORDINATOR,
abi: VRF_COORDINATOR_ABI,
functionName: "addConsumer",
args: [subId, consumerAddress],
});
console.log("Consumer added, tx:", hash);
return hash;
}
Automation (Keepers)
Chainlink Automation executes on-chain functions when conditions are met. Your contract implements checkUpkeep (off-chain simulation) and performUpkeep (on-chain execution).
AutomationCompatible Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {AutomationCompatibleInterface} from "@chainlink/contracts/src/v0.8/automation/AutomationCompatible.sol";
contract AutomatedCounter is AutomationCompatibleInterface {
uint256 public counter;
uint256 public lastTimestamp;
uint256 public immutable interval;
event CounterIncremented(uint256 indexed newValue, uint256 timestamp);
constructor(uint256 _interval) {
interval = _interval;
lastTimestamp = block.timestamp;
}
/// @notice Called off-chain by Automation nodes to check if upkeep is needed
/// @dev Must NOT modify state. Gas cost does not matter (simulated off-chain).
function checkUpkeep(bytes calldata)
external
view
override
returns (bool upkeepNeeded, bytes memory performData)
{
upkeepNeeded = (block.timestamp - lastTimestamp) >= interval;
performData = abi.encode(counter);
}
/// @notice Called on-chain when checkUpkeep returns true
/// @dev Re-validate the condition — checkUpkeep result may be stale
function performUpkeep(bytes calldata) external override {
if ((block.timestamp - lastTimestamp) < interval) revert UpkeepNotNeeded();
lastTimestamp = block.timestamp;
counter += 1;
emit CounterIncremented(counter, block.timestamp);
}
error UpkeepNotNeeded();
}
Log-Triggered Automation
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {ILogAutomation, Log} from "@chainlink/contracts/src/v0.8/automation/interfaces/ILogAutomation.sol";
contract LogTriggeredUpkeep is ILogAutomation {
event ActionPerformed(address indexed sender, uint256 amount);
/// @notice Called when a matching log event is detected
function checkLog(Log calldata log, bytes memory)
external
pure
returns (bool upkeepNeeded, bytes memory performData)
{
upkeepNeeded = true;
performData = log.data;
}
function performUpkeep(bytes calldata performData) external {
(address sender, uint256 amount) = abi.decode(performData, (address, uint256));
emit ActionPerformed(sender, amount);
}
}
CCIP (Cross-Chain Interoperability Protocol)
CCIP enables sending arbitrary messages and tokens between supported chains.
Sending a Cross-Chain Message
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {IRouterClient} from "@chainlink/contracts-ccip/src/v0.8/ccip/interfaces/IRouterClient.sol";
import {Client} from "@chainlink/contracts-ccip/src/v0.8/ccip/libraries/Client.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
contract CCIPSender {
IRouterClient public immutable router;
IERC20 public immutable linkToken;
event MessageSent(bytes32 indexed messageId, uint64 indexed destinationChain);
constructor(address _router, address _link) {
router = IRouterClient(_router);
linkToken = IERC20(_link);
}
function sendMessage(
uint64 destinationChainSelector,
address receiver,
bytes calldata data
) external returns (bytes32 messageId) {
Client.EVM2AnyMessage memory message = Client.EVM2AnyMessage({
receiver: abi.encode(receiver),
data: data,
tokenAmounts: new Client.EVMTokenAmount[](0),
extraArgs: Client._argsToBytes(
Client.EVMExtraArgsV2({gasLimit: 200_000, allowOutOfOrderExecution: true})
),
feeToken: address(linkToken)
});
uint256 fees = router.getFee(destinationChainSelector, message);
linkToken.approve(address(router), fees);
messageId = router.ccipSend(destinationChainSelector, message);
emit MessageSent(messageId, destinationChainSelector);
}
}
Receiving a Cross-Chain Message
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {CCIPReceiver} from "@chainlink/contracts-ccip/src/v0.8/ccip/applications/CCIPReceiver.sol";
import {Client} from "@chainlink/contracts-ccip/src/v0.8/ccip/libraries/Client.sol";
contract CCIPReceiverExample is CCIPReceiver {
// Allowlist source chains and senders to prevent unauthorized messages
mapping(uint64 => mapping(address => bool)) public allowlistedSenders;
address public owner;
event MessageReceived(
bytes32 indexed messageId,
uint64 indexed sourceChainSelector,
address sender,
bytes data
);
constructor(address _router) CCIPReceiver(_router) {
owner = msg.sender;
}
function allowlistSender(
uint64 chainSelector,
address sender,
bool allowed
) external {
if (msg.sender != owner) revert Unauthorized();
allowlistedSenders[chainSelector][sender] = allowed;
}
function _ccipReceive(Client.Any2EVMMessage memory message) internal override {
address sender = abi.decode(message.sender, (address));
if (!allowlistedSenders[message.sourceChainSelector][sender]) {
revert SenderNotAllowlisted();
}
emit MessageReceived(
message.messageId,
message.sourceChainSelector,
sender,
message.data
);
}
error Unauthorized();
error SenderNotAllowlisted();
}
Contract Addresses
Last verified: 2025-05-01
Price Feeds
| Pair | Ethereum Mainnet | Arbitrum One | Base |
|---|---|---|---|
| ETH/USD | 0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419 | 0x639Fe6ab55C921f74e7fac1ee960C0B6293ba612 | 0x71041dddad3595F9CEd3DcCFBe3D1F4b0a16Bb70 |
| BTC/USD | 0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c | 0x6ce185860a4963106506C203335A2910413708e9 | 0x64c911996D3c6aC71f9b455B1E8E7M1BbDC942BAe |
| USDC/USD | 0x8fFfFfd4AfB6115b954Bd326cbe7B4BA576818f6 | 0x50834F3163758fcC1Df9973b6e91f0F0F0434aD3 | 0x7e860098F58bBFC8648a4311b374B1D669a2bc6B |
| LINK/USD | 0x2c1d072e956AFFC0D435Cb7AC38EF18d24d9127c | 0x86E53CF1B870786351Da77A57575e79CB55812CB | 0x17CAb8FE31cA45e4684E33E3D258F20E88B8fD8B |
Sequencer Uptime Feeds
| Chain | Address |
|---|---|
| Arbitrum | 0xFdB631F5EE196F0ed6FAa767959853A9F217697D |
| Base | 0xBCF85224fc0756B9Fa45aAb7d2257eC1673570EF |
| Optimism | 0x371EAD81c9102C9BF4874A9075FFFf170F2Ee389 |
VRF v2.5 Coordinators
| Chain | Coordinator |
|---|---|
| Ethereum | 0xD7f86b4b8Cae7D942340FF628F82735b7a20893a |
| Arbitrum | 0x3C0Ca683b403E37668AE3DC4FB62F4B29B6f7a3e |
| Base | 0xd5D517aBE5cF79B7e95eC98dB0f0277788aFF634 |
CCIP Routers
| Chain | Router | Chain Selector |
|---|---|---|
| Ethereum | 0x80226fc0Ee2b096224EeAc085Bb9a8cba1146f7D | 5009297550715157269 |
| Arbitrum | 0x141fa059441E0ca23ce184B6A78bafD2A517DdE8 | 4949039107694359620 |
| Base | 0x881e3A65B4d4a04dD529061dd0071cf975F58bCD | 15971525489660198786 |
LINK Token
| Chain | Address |
|---|---|
| Ethereum | 0x514910771AF9Ca656af840dff83E8264EcF986CA |
| Arbitrum | 0xf97f4df75117a78c1A5a0DBb814Af92458539FB4 |
| Base | 0x88Fb150BDc53A65fe94Dea0c9BA0a6dAf8C6e196 |
Error Handling
| Error / Symptom | Cause | Fix |
|---|---|---|
answer <= 0 from price feed | Feed returning invalid/negative price | Check answer > 0 before using; revert or use fallback oracle |
block.timestamp - updatedAt > threshold | Oracle stopped updating (network congestion, feed deprecation) | Implement staleness check with per-feed heartbeat threshold |
answeredInRound < roundId | Answer is from a previous round | Reject stale round data |
| VRF callback reverts | callbackGasLimit too low for your fulfillRandomWords logic | Increase callbackGasLimit; test gas usage on fork |
| VRF request pending indefinitely | Subscription underfunded, consumer not added, or wrong keyHash | Fund subscription, verify consumer is registered, use correct key hash for your chain |
Automation performUpkeep not firing | checkUpkeep returns false, upkeep underfunded, or gas price too high | Debug checkUpkeep locally; fund upkeep; check min balance requirements |
CCIP InsufficientFeeTokenAmount | Not enough LINK approved for fees | Call router.getFee() first, then approve that amount + buffer |
| CCIP message not delivered | Destination contract reverts, sender not allowlisted, or chain selector wrong | Check receiver contract, verify allowlist, confirm chain selectors from docs |
Security Considerations
Price Feed Safety
-
Always check staleness — Every
latestRoundData()call must validateupdatedAtagainst the feed's heartbeat. ETH/USD on mainnet has a 3600s heartbeat; on Arbitrum it is 86400s. Check Chainlink's feed page for per-feed heartbeats. -
Sanity-bound oracle prices — If a feed reports ETH at $0.01 or $1,000,000, something is wrong. Add upper and lower bounds based on reasonable price ranges and revert or pause if breached.
uint256 private constant MIN_ETH_PRICE = 100e8; // $100
uint256 private constant MAX_ETH_PRICE = 100_000e8; // $100,000
function getSafePrice(AggregatorV3Interface feed) internal view returns (uint256) {
(, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
if (answer <= 0) revert InvalidPrice();
if (block.timestamp - updatedAt > 3600) revert StalePrice();
if (uint256(answer) < MIN_ETH_PRICE || uint256(answer) > MAX_ETH_PRICE) {
revert PriceOutOfBounds();
}
return uint256(answer);
}
-
L2 sequencer check — On Arbitrum, Base, and Optimism, always check the sequencer uptime feed. A sequencer outage means oracle updates are delayed; using stale prices during recovery has caused exploits.
-
Decimal normalization — Never assume 8 decimals. Always call
feed.decimals()or use known constants per feed. When combining two feeds (e.g., TOKEN/ETH and ETH/USD), handle decimals carefully to avoid overflow or truncation. -
Multi-oracle fallback — For critical DeFi protocols, use Chainlink as primary but have a fallback (e.g., Uniswap TWAP or Pyth) to prevent single oracle dependency from freezing your protocol.
VRF Safety
- Never use block values (
block.timestamp,block.prevrandao) as randomness — they are manipulable by validators. - Store the
requestId-> user mapping before the callback. The callback is asynchronous and you need to know who requested it. - Set
callbackGasLimithigh enough for your logic but not excessively — you pay for unused gas.
Automation Safety
- Always re-validate conditions in
performUpkeep. ThecheckUpkeepresult may be stale by the timeperformUpkeepexecutes on-chain. checkUpkeepruns off-chain in simulation — it cannot modify state. Any state changes will be reverted.
CCIP Safety
- Always allowlist source chains and sender addresses on your receiver contract. Without this, anyone on any supported chain can send messages to your contract.
- Handle message failures gracefully. If
_ccipReceivereverts, the message can be manually executed later, but your contract should not end up in an inconsistent state from partial execution.
Alternative Oracles
For use cases where Chainlink's push model isn't optimal, consider these alternatives:
Pyth Network (pyth-evm skill) — Pull oracle model where consumers fetch and submit price updates on-demand. Best for: sub-second price freshness (~400ms on Pythnet), confidence intervals (statistical uncertainty bounds), MEV-protected liquidations via Express Relay, and non-EVM chains (Solana, Sui, Aptos). Trade-off: consumers pay gas for price updates (~120-150K gas per feed).
When to use Chainlink vs Pyth:
- Chainlink: Zero-cost reads (DON sponsors updates), broadest EVM feed coverage (1000+), VRF/CCIP/Automation ecosystem, well-established data quality
- Pyth: Sub-second freshness, confidence intervals, historical price verification, MEV protection, 50+ EVM chains + non-EVM
See also: redstone skill for another pull oracle alternative.
References
mythril
View full →Author
@0xinit
Stars
53
Repository
0xinit/cryptoskills
skills/mythril/SKILL.md
Mythril
Mythril is a symbolic execution tool for EVM bytecode that detects security vulnerabilities in Solidity smart contracts. It uses the LASER symbolic virtual machine to explore all reachable contract states across multiple transactions, then feeds path constraints to the Z3 SMT solver to generate concrete exploit inputs. It is maintained by Consensys Diligence.
Unlike static analyzers (Slither, Semgrep) that match code patterns, Mythril proves whether a vulnerability is actually exploitable by constructing valid transaction sequences that trigger it. This makes it slower but significantly more precise for certain vulnerability classes.
What You Probably Got Wrong
LLMs generate bad Mythril commands. These are the blind spots that cause wasted time and missed bugs.
- Mythril is SLOW. Always set timeouts. A single-contract analysis with default settings can run for 30+ minutes and consume 8+ GB of RAM. Production usage requires
--execution-timeoutand--solver-timeout. Without them, your CI pipeline will hang indefinitely. - Default analysis depth is often too shallow. Without the
-t(transaction count) flag, Mythril defaults to 2 transactions. Many real exploits (reentrancy across multiple functions, multi-step oracle manipulation) require-t 3or higher. But-t 3is exponentially slower than-t 2— 10x to 100x slower. - Docker is easier than pip install for most users. Mythril depends on Z3 solver, py-solc-x, and specific Python versions. Docker (
mythviamythril/myth) eliminates dependency hell. Pip install frequently fails due to Z3 build issues on macOS and certain Linux distros. - Mythril analyzes bytecode, not source. It compiles your Solidity to bytecode first, then symbolically executes the bytecode. This means it does not understand variable names, function names, or Solidity-level constructs. The output references bytecode offsets, not source lines — unless you provide source maps.
myth analyzeis the correct command. The oldmyth -xsyntax is deprecated. Usemyth analyzefor file analysis andmyth analyze --addressfor on-chain contracts.myth -xmay still work but produces deprecation warnings.- Mythril does NOT replace static analysis. It finds different bugs. Slither catches style issues, missing access control patterns, and centralization risks in seconds. Mythril catches reachable state-dependent exploits in minutes to hours. Use both.
- False positives happen, especially with
assertviolations. Mythril reports any reachableassert(false)as a vulnerability. Customassertstatements used for invariant checking will trigger SWC-110 findings. Triage the output — not every finding is a real bug. - Solc version must match the contract pragma. Mythril calls solc internally. If the installed solc version does not satisfy the pragma, compilation fails silently or with cryptic errors. Use
--solvto specify the version.
Installation
Docker (Recommended)
docker pull mythril/myth
# Verify
docker run mythril/myth version
Run Mythril on a local file (mount the current directory):
docker run -v $(pwd):/src mythril/myth analyze /src/Contract.sol
pip
Requires Python 3.8-3.12 and a working C++ compiler (for Z3).
pip3 install mythril
Verify:
myth version
If Z3 fails to build, install the system package first:
# Ubuntu/Debian
sudo apt-get install libz3-dev
# macOS
brew install z3
# Then retry
pip3 install mythril
From Source
git clone https://github.com/Consensys/mythril.git
cd mythril
pip3 install -e .
Specifying Solc Version
Mythril uses py-solc-x to manage compiler versions. Install the version your contracts need:
# Mythril installs solc automatically, but you can force a version
python3 -c "from solcx import install_solc; install_solc('0.8.28')"
Or specify at analysis time:
myth analyze Contract.sol --solv 0.8.28
Quick Start
Analyze a Single File
myth analyze contracts/Vault.sol
Analyze with Specific Solc Version
myth analyze contracts/Vault.sol --solv 0.8.20
Analyze a Specific Contract in a Multi-Contract File
myth analyze contracts/Token.sol --solc-args "--base-path . --include-path node_modules"
Analyze Deployed Contract
myth analyze --address 0x1234...abcd --rpc infura-mainnet
Or with a custom RPC URL:
myth analyze --address 0x1234...abcd --rpc-url https://eth-mainnet.g.alchemy.com/v2/YOUR_KEY
Analysis Depth
The -t flag controls how many transactions Mythril simulates in sequence. This is the single most important performance/coverage tradeoff.
| Flag | Transactions | Use Case | Time (typical) |
|---|---|---|---|
-t 1 | 1 | Quick scan, single-function bugs | 30s - 2min |
-t 2 | 2 | Standard analysis (default) | 2 - 15min |
-t 3 | 3 | Deep analysis, multi-step exploits | 15min - 2hr+ |
-t 4+ | 4+ | Exhaustive, rarely practical | Hours to days |
# Quick scan for obvious issues
myth analyze Contract.sol -t 1 --execution-timeout 120
# Standard depth (default)
myth analyze Contract.sol -t 2 --execution-timeout 600
# Deep analysis — finds reentrancy across function pairs
myth analyze Contract.sol -t 3 --execution-timeout 3600
Each additional transaction multiplies the state space exponentially. A contract with 10 external functions has 10 possible first transactions, 100 possible two-transaction sequences, and 1,000 possible three-transaction sequences. Mythril prunes aggressively using symbolic constraints, but the growth is still significant.
When to Use -t 3
- Reentrancy across different functions (attacker calls
withdrawduringdepositcallback) - Flash loan attack paths (borrow -> manipulate -> profit across 3+ calls)
- Multi-step privilege escalation (register -> claim role -> execute)
- State-dependent vulnerabilities where the setup requires 2+ prior transactions
Detection Modules
Mythril maps findings to SWC (Smart Contract Weakness Classification) identifiers.
| Module | SWC | What It Finds |
|---|---|---|
ether_thief | SWC-105 | Arbitrary ETH withdrawal via unprotected selfdestruct or call |
suicide | SWC-106 | Unprotected selfdestruct callable by non-owner |
delegatecall | SWC-112 | Delegatecall to user-controlled address |
reentrancy | SWC-107 | State changes after external calls |
integer | SWC-101 | Integer overflow/underflow (relevant for Solidity <0.8.0 or unchecked blocks) |
unchecked_retval | SWC-104 | Unchecked return value on low-level calls |
tx_origin | SWC-115 | tx.origin used for authentication |
exceptions | SWC-110 | Reachable assert violations |
external_calls | SWC-107 | Dangerous external call patterns |
arbitrary_write | SWC-124 | Write to arbitrary storage location |
arbitrary_read | N/A | Read from arbitrary storage location |
multiple_sends | SWC-113 | Multiple ETH sends in single transaction (DoS risk) |
state_change_external_calls | SWC-107 | State modification after external call |
dependence_on_predictable_vars | SWC-116, SWC-120 | Weak randomness from block variables |
Running Specific Modules
# Only check for reentrancy and unchecked return values
myth analyze Contract.sol -m reentrancy,unchecked_retval
# Exclude integer overflow checks (useful for 0.8.x contracts)
myth analyze Contract.sol --exclude-modules integer
Output Formats
Text (Default)
myth analyze Contract.sol
==== Unprotected Ether Withdrawal ====
SWC ID: 105
Severity: High
Contract: Vault
Function name: withdraw(uint256)
PC address: 1234
Estimated Gas Usage: 3456 - 7890
In the function `withdraw(uint256)` a non-zero amount of Ether is sent to
msg.sender.
There is a check on storage index 0. This storage slot can be written to by
calling the function `deposit()`.
----
Transaction Sequence:
Caller: 0xdeadbeefdeadbeef...
calldata: 0xd0e30db0... (deposit)
value: 1000000000000000000
Caller: 0xdeadbeefdeadbeef...
calldata: 0x2e1a7d4d... (withdraw)
value: 0
JSON
myth analyze Contract.sol -o json > report.json
JSON output includes structured fields for each issue: title, description, severity, address, contract, function, swc-id, min_gas_used, max_gas_used, and tx_sequence.
Markdown
myth analyze Contract.sol -o markdown > report.md
JSONV2 (Machine-Readable with Source Mapping)
myth analyze Contract.sol -o jsonv2 > report.json
The jsonv2 format includes source mappings and more detailed transaction sequence information, suitable for programmatic processing and CI tooling.
Practical Settings
Production Mythril commands need explicit resource limits. Without them, analysis can consume all available memory and CPU time.
Recommended Settings by Context
# CI pipeline — fast, bounded
myth analyze Contract.sol \
-t 2 \
--execution-timeout 300 \
--solver-timeout 30 \
--max-depth 50 \
-o jsonv2
# Pre-audit deep scan — thorough, time-boxed
myth analyze Contract.sol \
-t 3 \
--execution-timeout 3600 \
--solver-timeout 60 \
--max-depth 128 \
-o json
# Quick sanity check during development
myth analyze Contract.sol \
-t 1 \
--execution-timeout 120 \
--solver-timeout 10
Key Flags
| Flag | Default | Description |
|---|---|---|
--execution-timeout | None (unlimited) | Max seconds for entire analysis |
--solver-timeout | 10000 (ms) | Max time per Z3 query |
--max-depth | 128 | Max depth of symbolic execution tree |
--loop-bound | 3 | Max times to unroll loops |
--call-depth-limit | 3 | Max depth for inter-contract calls |
--strategy | bfs | Search strategy: bfs, dfs, naive-random, weighted-random |
--solver-log | N/A | Path to log Z3 queries (debugging) |
--bin-runtime | N/A | Analyze raw runtime bytecode |
--enable-physics | N/A | Enable gas-based path prioritization |
Docker with Resource Limits
# Limit Docker container to 4GB RAM and 2 CPUs
docker run \
--memory=4g \
--cpus=2 \
-v $(pwd):/src \
mythril/myth analyze /src/Contract.sol \
-t 2 \
--execution-timeout 300 \
--solver-timeout 30
Analyzing Deployed Contracts
Mythril can pull bytecode from any EVM chain and analyze it directly.
# Ethereum mainnet via Infura
myth analyze \
--address 0xdAC17F958D2ee523a2206206994597C13D831ec7 \
--rpc-url https://mainnet.infura.io/v3/YOUR_PROJECT_ID
# With transaction depth
myth analyze \
--address 0xdAC17F958D2ee523a2206206994597C13D831ec7 \
--rpc-url https://mainnet.infura.io/v3/YOUR_PROJECT_ID \
-t 2 \
--execution-timeout 600
On-chain analysis is slower because Mythril must resolve storage values and external contract dependencies via RPC calls.
Analyzing Raw Bytecode
# Analyze compiled bytecode directly
myth analyze --bin-runtime -c "0x6080604052..."
# From a file containing bytecode
myth analyze --bin-runtime -f bytecode.bin
CI Integration
GitHub Actions
name: Mythril Security Scan
on:
pull_request:
paths:
- 'contracts/**'
- 'src/**'
jobs:
mythril:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Run Mythril
uses: docker://mythril/myth:latest
with:
args: >-
analyze /github/workspace/src/Contract.sol
--solv 0.8.28
-t 2
--execution-timeout 300
--solver-timeout 30
-o jsonv2
- name: Upload Report
if: always()
uses: actions/upload-artifact@v4
with:
name: mythril-report
path: report.json
Multi-Contract CI Scan
#!/usr/bin/env bash
set -euo pipefail
# Scan all Solidity files in src/, fail if any High severity issues found
FAILED=0
for sol_file in src/*.sol; do
echo "Analyzing: $sol_file"
if ! docker run --memory=4g -v "$(pwd)":/src mythril/myth analyze \
"/src/$sol_file" \
--solv 0.8.28 \
-t 2 \
--execution-timeout 300 \
--solver-timeout 30 \
-o json > "reports/$(basename "$sol_file" .sol).json" 2>&1; then
echo "ISSUES FOUND in $sol_file"
FAILED=1
fi
done
exit $FAILED
Comparison with Slither
Mythril and Slither are complementary, not competing tools.
| Aspect | Slither | Mythril |
|---|---|---|
| Approach | Static analysis (AST pattern matching) | Symbolic execution (SMT solving) |
| Speed | Seconds | Minutes to hours |
| Detectors | 90+ detectors, many style/best-practice | ~15 modules, focused on exploitability |
| False positives | Higher (pattern-based) | Lower (proves exploitability) |
| False negatives | Misses state-dependent bugs | Misses pattern-based issues |
| Multi-transaction | No | Yes (core strength) |
| Upgradeable contracts | Good support | Limited |
| CI suitability | Excellent (fast) | Requires timeout tuning |
| Output | JSON, SARIF, markdown, text | JSON, JSONV2, markdown, text |
| Install | pip install slither-analyzer | pip install mythril or Docker |
Recommended Workflow
- Slither first — catches low-hanging fruit in seconds
- Fix all Slither High/Medium findings — these are usually real
- Mythril second — deep scan for state-dependent exploits
- Review Mythril findings manually — verify the transaction sequences make sense
- Targeted Mythril runs — use
-mto focus on specific vulnerability classes
Tool Comparison
| Tool | Type | Speed | Depth | Ease of Use | Best For |
|---|---|---|---|---|---|
| Slither | Static analysis | Seconds | Pattern-based | Easy | Fast feedback, style, known patterns |
| Mythril | Symbolic execution | Minutes-hours | State-dependent | Medium | Proving exploitability, multi-tx bugs |
| Echidna | Fuzzing | Minutes-hours | Property-based | Medium | Custom invariant testing |
| Halmos | Symbolic testing | Minutes | Foundry-integrated | Medium | Formal verification in test framework |
| Certora | Formal verification | Minutes-hours | Full specification | Hard | Complete correctness proofs |
| Semgrep | Pattern matching | Seconds | Syntactic | Easy | Custom rules, large codebases |
When to Use What
- Every PR: Slither (fast, catches regressions)
- Pre-audit: Mythril + Echidna (find state-dependent bugs before auditors do)
- Critical DeFi: Certora or Halmos (prove correctness properties mathematically)
- Custom rules: Semgrep (org-specific patterns across many repos)
Common Pitfalls
Solc Version Mismatch
mythril.exceptions.CompilerError: Solc experienced a fatal error
Fix: specify the correct solc version:
myth analyze Contract.sol --solv 0.8.28
Import Resolution
Mythril cannot resolve imports by default. Provide paths:
myth analyze Contract.sol \
--solc-args "--base-path . --include-path node_modules --include-path lib"
For Foundry projects with remappings:
myth analyze src/Contract.sol \
--solc-args "--base-path . --include-path lib --allow-paths ."
Timeout Without Results
If Mythril times out with no findings, it does not mean the contract is safe — it means analysis was incomplete. Increase the timeout or reduce scope:
# Focus on specific modules to reduce analysis scope
myth analyze Contract.sol -m reentrancy -t 2 --execution-timeout 600
Memory Exhaustion
Large contracts with many state variables cause memory exhaustion. Limit with Docker:
docker run --memory=8g -v $(pwd):/src mythril/myth analyze /src/Contract.sol -t 2
Reference
- Official repository: https://github.com/Consensys/mythril
- SWC Registry: https://swcregistry.io/
- Mythril documentation: https://mythril-classic.readthedocs.io/
- Consensys Diligence: https://consensys.io/diligence/
Last verified: February 2026