Detailed Requirements
Mythril API
The Mythril API is located at: https://mythril.network/mythril/v1/
It takes Ethereum bytecode as input and returns a JSON-formatted list of security issues. Your extension should first compile the contract(s) that need to be analyzed, and then perform the analysis via the following API calls.
Submitting code for analysis
POST /mythril/v1/analysis HTTP/1.1
Retrieving the analysis status
GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932 HTTP/1.1
Retrieving the analysis results
GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932/issues HTTP/1.1
Returns a list of issues, or an empty list if no issues have been found. E.g.:
"description": "Issue 1 Description.",
"name": "Issue 1 name"
The analysis should run in the background without blocking the UI (note that for complex contracts it can take up to a few minutes). Once the analysis is finished, the extension should highlight the lines of Solidity code that are affected by security issues, and list the issues in the “PROBLEMS” view or in an additional “SECURITY” view (if it's possible to add one).
- Several Visual Studio plugins integrate solc, for example VSCode-Solidity. For the compilation part it might be possible to build on one of those plugins, or use them as a dependency.
- Each issue reported by Mythril contains a “pcAddress” field. This is the program counter address at which the issue occurs. solc has a “srcmap-runtime” output option that contains a mapping of pc addresses to source code lines.
- In general, it is helpful to understand the command line options and output formats of the solc compiler. By using the --combined-json argument, various types of output can be combined.
- Note that the bytecode to be submitted is the runtime bytecode (bin-runtime).
- Introduction to smart contracts: http://solidity.readthedocs.io/en/develop/introduction-to-smart-contracts.html
- Scanning Ethereum smart contracts with Mythril: https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df
- Building extensions for VS Code: https://code.visualstudio.com/docs/extensions/overview
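
One way to turn a reported “pcAddress” into a line to highlight, using the bin-runtime and srcmap-runtime outputs mentioned in the hints above. This is an added example, not code from Mythril, solc or an existing extension; the function names and the sample bytecode, source map and contract are constructed for illustration.

```javascript
// Added example (not Mythril or solc code): resolve a reported pcAddress to a source line.

// Byte offset (pc) -> instruction index. PUSH1..PUSH32 (0x60..0x7f) carry
// 1..32 bytes of immediate data, so the two diverge after the first PUSH.
function pcToInstructionIndex(runtimeHex, pc) {
  const code = Buffer.from(runtimeHex.replace(/^0x/, ""), "hex");
  let offset = 0;
  let index = 0;
  while (offset < pc && offset < code.length) {
    const op = code[offset];
    offset += op >= 0x60 && op <= 0x7f ? op - 0x5e : 1;
    index++;
  }
  // -1 when pc lands inside PUSH data or past the end of the code.
  return offset === pc && pc < code.length ? index : -1;
}

// Expand the compressed srcmap-runtime string: entries are "s:l:f:j" separated
// by ";", and an empty or missing field repeats the previous entry's value.
function decodeSourceMap(srcmap) {
  let prev = ["0", "0", "0", "-"];
  return srcmap.split(";").map((entry) => {
    const fields = entry.split(":");
    prev = prev.map((old, i) => (fields[i] ? fields[i] : old));
    return { start: Number(prev[0]), length: Number(prev[1]), file: Number(prev[2]) };
  });
}

// Returns { file, line } (line is 1-based) or null when no source maps to pc.
function pcToSourceLine(runtimeHex, srcmap, source, pc) {
  const entry = decodeSourceMap(srcmap)[pcToInstructionIndex(runtimeHex, pc)];
  if (!entry || entry.file < 0) return null; // bad pc, or compiler-generated code (file -1)
  // Source-map offsets are byte offsets into the UTF-8 source.
  const before = Buffer.from(source, "utf8").subarray(0, entry.start).toString("utf8");
  return { file: entry.file, line: before.split("\n").length };
}

// Constructed sample data (hand-written, not real solc or Mythril output).
const SAMPLE_SOURCE = "contract C {\n  function f() public {\n    revert();\n  }\n}\n";
const SAMPLE_RUNTIME = "6080604052600080fd"; // PUSH1 80, PUSH1 40, MSTORE, PUSH1 00, DUP1, REVERT
const SAMPLE_SRCMAP = "0:56:0:-;;;41:8:0;;";

console.log(pcToSourceLine(SAMPLE_RUNTIME, SAMPLE_SRCMAP, SAMPLE_SOURCE, 8)); // REVERT at pc 8
```

The runtime bytecode ends with compiler metadata that has no source-map entries, so a pc in that region resolves to null rather than to a line.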