Key Information

The challenge is finished.

Challenge Overview

Mythril is a security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis, and control flow checking to detect a variety of security vulnerabilities.

Currently, Mythril syncs via RPC to a local contractdb for performing search operations. This method is inefficient and has other problems, including an inaccurate reflection of account states (balances).

There is already support for searching the state trie of a local geth node. However, as currently implemented, it only works for small testnets. The EthLevelDB class first parses the complete state to create a list of all 'active' contracts in memory before search operations can be invoked. This is infeasible if the state trie is large.

To make this usable, it needs to be implemented in a way that allows users to iterate through contracts in the state trie either one-by-one, or by providing a search expression that invokes a callback every time a match is encountered.

Implementation details: initial implementation ideas/instructions

  1. Add a configuration file that lets the user set the path to a local leveldb. Include examples in the comments. E.g., on Mac OS it is found in ~/Library/Ethereum/geth/chaindata.
  2. Refactor the LevelDB client class to allow one to iterate over contracts in the geth leveldb instead of reading all contracts into memory in advance. Probably the best way to do this is using a Generator.
  3. Refactor the search feature to invoke the new leveldb client class. Remove all references to contract storage.
  4. Completely remove the old persistence layer (contractstorage.py), the ZODB requirement and the --init-db feature.
Once the implementation is done, search only works if a valid local leveldb exists. Otherwise, the user is shown an error message.
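
A sketch of the generator-based design described in steps 2 and 3, added here as an illustration; it is not Mythril's code. ContractStream, has_opcode and the injected account_source (a stand-in for the real state-trie walk) are hypothetical names, and the sample accounts are constructed.

```python
import os
import tempfile
from typing import Callable, Iterator, Tuple

Account = Tuple[str, bytes]  # (address, runtime bytecode); empty code = not a contract

class ContractStream:
    """Hypothetical client: yields contracts lazily instead of loading them all."""

    def __init__(self, leveldb_path: str,
                 account_source: Callable[[str], Iterator[Account]]):
        if not os.path.isdir(leveldb_path):
            raise FileNotFoundError(f"no local leveldb at {leveldb_path!r}")
        self.path = leveldb_path
        self.account_source = account_source  # assumption: wraps the trie walk

    def contracts(self) -> Iterator[Account]:
        for address, code in self.account_source(self.path):
            if code:  # accounts without code are not contracts
                yield address, code

    def search(self, predicate, on_match) -> int:
        """Invoke on_match for every contract whose code satisfies predicate."""
        hits = 0
        for address, code in self.contracts():
            if predicate(code):
                on_match(address, code)
                hits += 1
        return hits

def has_opcode(code: bytes, opcode: int) -> bool:
    """True if opcode occurs as an instruction, skipping PUSH1..PUSH32 data."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op == opcode:
            return True
        pc += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return False

def constructed_accounts(_path: str) -> Iterator[Account]:
    # Constructed sample state, not real chain data.
    yield "0xaa", b""                      # account without code
    yield "0xbb", bytes.fromhex("60ff00")  # PUSH1 0xff; STOP (0xff is push data)
    yield "0xcc", bytes.fromhex("6000ff")  # PUSH1 0x00; SELFDESTRUCT

def demo():
    matches = []
    with tempfile.TemporaryDirectory() as chaindata:  # stands in for geth/chaindata
        stream = ContractStream(chaindata, constructed_accounts)
        count = stream.search(lambda c: has_opcode(c, 0xFF),
                              lambda addr, _code: matches.append(addr))
    return count, matches
```

Because contracts() is a generator, memory use stays constant regardless of state size, and a missing leveldb directory fails at construction time rather than midway through a search.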

Final Submission Guidelines

Submit a Git patch against the commit a0db35bade4ce48c447013ae9bbc5963126a8213; provide a verification doc with an explanation of your implementation and verification instructions; also include a brief verification video.

Reliability Rating and Bonus

For challenges that have a reliability bonus, the bonus depends on the reliability rating at the moment of registration for that project. A participant with no previous projects is considered to have no reliability rating, and therefore gets no bonus. Reliability bonus does not apply to Digital Run winnings. Since reliability rating is based on the past 15 projects, it can only have 15 discrete values.

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board

Approval:

User Sign-Off
