The challenge is finished.

Challenge Overview

The scope of this challenge is to create a Visual Studio Code Extension that performs security analysis on a Solidity source code file or on a folder of Solidity files. When activated with a menu item/button/shortcut, the extension should compile the code and submit the resulting bytecode to the Mythril security analysis API. The identified issues should be highlighted in the source code (similar to a linter such as Solhint).

Detailed Requirements

Mythril API
The Mythril API is located at: https://mythril.network/mythril/v1/

It takes Ethereum bytecode as input and returns a JSON-formatted list of security issues. Your extension should first compile the contract(s) that need to be analyzed, and then perform the analysis via the following API calls.

Submitting code for analysis

Request:
POST /mythril/v1/analysis HTTP/1.1
Host: mythril.network
Content-Type: application/json

{
  "type": "bytecode",
  "contract": "60606040(..)"
}


Response:
{
  "result": "Queued",
  "uuid": "90a77fa8-96ed-4f4d-a774-39c6be468932"
}


Retrieving the analysis status

Request:
GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932 HTTP/1.1

Response:
{
  "result": "Finished",
  "uuid": "00faac12-6b88-4f2f-9ef1-63eedd4a47d5"
}


Retrieving the analysis results

Request:
GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932/issues HTTP/1.1
Host: mythril.network


Response:
Returns a list of issues, or an empty list if no issues have been found. E.g.:

[
  {
    "description": "Issue 1 Description.",
    "pcAddress": "648",
    "functionName": "_function_0x2e1a7d4d",
    "contract": "MAIN",
    "type": "Warning",
    "name": "Issue 1 name"
  },
  (...)
]


The analysis should run in the background without blocking the UI (note that for complex contracts it can take up to a few minutes). Once the analysis is finished, the extension should highlight the lines of Solidity code that are affected by security issues, and list the issues in the “PROBLEMS” view or in an additional “SECURITY” view (if it's possible to add one).

Additional Information

  • Several Visual Studio plugins integrate solc, for example VSCode-Solidity. For the compilation part it might be possible to build on one of those plugins, or use them as a dependency.
  • Each issue reported by Mythril contains a “pcAddress” field. This is the program counter address at which the issue occurs. solc has a “srcmap-runtime” output option that contains a mapping of pc addresses to source code lines.
  • In general, it is helpful to understand the command line options and output formats of the solc compiler. By using the --combined-json argument, various types of output can be combined.
  • Note that the bytecode to be submitted is the runtime bytecode (bin-runtime).
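
The pcAddress-to-source lookup from the hints above, as an added example that is not part of the challenge page or of Mythril. It assumes srcmap-runtime holds one entry per instruction (not per byte) with byte offsets into the source; the function names and the sample bytecode, source map and contract are constructed for illustration.

```javascript
// Added example (not from the challenge page): resolve a Mythril "pcAddress"
// to a source position using solc's bin-runtime and srcmap-runtime outputs.

// pc -> instruction index. PUSH1..PUSH32 (0x60..0x7f) are followed by 1..32
// immediate bytes that consume pc values but are not instructions themselves.
function pcToInstructionIndex(runtimeHex) {
  const code = Buffer.from(runtimeHex.replace(/^0x/, ""), "hex");
  const map = new Map();
  for (let pc = 0, idx = 0; pc < code.length; idx++) {
    map.set(pc, idx);
    const op = code[pc];
    pc += op >= 0x60 && op <= 0x7f ? op - 0x5f + 1 : 1;
  }
  return map;
}

// Expand "s:l:f:j;..." entries; an empty or missing field repeats the value
// from the previous entry (solc's source-map compression).
function decompressSourceMap(srcmap) {
  let prev = { start: 0, length: 0, file: -1 };
  return srcmap.split(";").map((entry) => {
    const [s, l, f] = entry.split(":");
    prev = {
      start: s ? Number(s) : prev.start,
      length: l ? Number(l) : prev.length,
      file: f ? Number(f) : prev.file,
    };
    return prev;
  });
}

// Returns a zero-based { file, line, column, length }, or null when the pc is
// not an instruction boundary or maps to compiler-generated code (file -1).
// `sources` is the source text of each file, ordered by solc's source index.
function locateIssue(issue, runtimeHex, srcmap, sources) {
  const idx = pcToInstructionIndex(runtimeHex).get(Number(issue.pcAddress));
  const entry = idx === undefined ? undefined : decompressSourceMap(srcmap)[idx];
  if (!entry || entry.file < 0 || entry.file >= sources.length) return null;
  // srcmap offsets are byte offsets into the UTF-8 encoded source.
  const before = Buffer.from(sources[entry.file], "utf8").subarray(0, entry.start).toString("utf8");
  const line = before.split("\n").length - 1;
  const column = before.length - (before.lastIndexOf("\n") + 1);
  return { file: entry.file, line, column, length: entry.length };
}

// Constructed sample data (not real compiler output).
const SAMPLE_SOURCE = "contract C {\n  function f() public {\n    msg.sender.transfer(1);\n  }\n}\n";
const SAMPLE_RUNTIME = "608060405260003500"; // PUSH1 PUSH1 MSTORE PUSH1 CALLDATALOAD STOP
const SAMPLE_SRCMAP = "0:71:0:-;;;41:22;;-1:-1:-1:-";
console.log(locateIssue({ pcAddress: "7" }, SAMPLE_RUNTIME, SAMPLE_SRCMAP, [SAMPLE_SOURCE]));
```

The zero-based line and column match what a VS Code diagnostic range expects; a null result is an issue that can only be listed, not highlighted.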

Resources

Blockchain Community

This challenge is delivered to you by Topcoder Blockchain Community, please check and join the community, if you have not done it already: it will help us to bring you more blockchain-related challenges in future.

Final Submission Guidelines

Submit a ZIP archive with the source code and an extension package (.vsix).

Reliability Rating and Bonus

For challenges that have a reliability bonus, the bonus depends on the reliability rating at the moment of registration for that project. A participant with no previous projects is considered to have no reliability rating, and therefore gets no bonus. Reliability bonus does not apply to Digital Run winnings. Since reliability rating is based on the past 15 projects, it can only have 15 discrete values.

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board

Approval:

User Sign-Off

CHALLENGE LINKS:

Review Scorecard