Key Information

The challenge is finished.

Challenge Overview

Mythril is a security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis, and control flow checking to detect a variety of security vulnerabilities.

Currently, Mythril syncs via RPC to a local contractdb for performing search operations. This method is inefficient and has a lot of other problems, including inaccurate reflection of account states (balances).

There is already support for searching the state trie of a local geth node. However, the way it is currently implemented, it only works for small testnets. The EthLevelDB class first parses the complete state to create a list of all 'active' contracts in memory before search operations can be invoked. This is infeasible if the state trie is large.

To make this usable, it needs to be implemented in a way that allows users to iterate through contracts in the state trie either one-by-one, or by providing a search expression that invokes a callback every time a match is encountered.

Implementation details: initial implementation ideas and instructions

  1. Add a configuration file that lets the user set the path to a local leveldb. Include examples in the comments. E.g., on Mac OS it is found in ~/Library/Ethereum/geth/chaindata.
  2. Refactor the LevelDB client class to allow one to iterate over contracts in the geth leveldb instead of reading all contracts into memory in advance.
    Probably the best way to do this is using a Generator.
  3. Refactor the search feature to invoke the new leveldb client class. Remove all references to contract storage.
  4. Completely remove the old persistence layer (contractstorage.py), the ZODB requirement and the --init-db feature.

Once the implementation is done, search only works if a valid local leveldb exists. Otherwise, the user is shown an error message.
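
A sketch of the iteration model the steps above ask for, added here as an illustration and not taken from Mythril's code base: a generator yields contracts one at a time, and a search invokes a callback per match. All names (`check_leveldb_dir`, `iter_contracts`, `search`, `counted`) are hypothetical, the account records are constructed sample data standing in for a walk of the geth state trie, and the predicate stands in for a search expression.

```python
import os
from typing import Callable, Iterable, Iterator, NamedTuple, Tuple

# keccak256 of empty bytes: the code hash stored for accounts without code.
EMPTY_CODE_HASH = bytes.fromhex(
    "c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470")

class Contract(NamedTuple):
    address: str
    code: bytes

def check_leveldb_dir(path: str) -> str:
    """Fail early with a clear message if path is not a LevelDB directory."""
    path = os.path.expanduser(path)
    # Every LevelDB directory holds a CURRENT file naming the active manifest.
    if not os.path.isfile(os.path.join(path, "CURRENT")):
        raise FileNotFoundError("no LevelDB found at %s" % path)
    return path

def iter_contracts(accounts: Iterable[Tuple[str, bytes, bytes]]) -> Iterator[Contract]:
    """Lazily yield accounts that carry code; nothing is collected in memory."""
    for address, code_hash, code in accounts:
        if code_hash != EMPTY_CODE_HASH and code:
            yield Contract(address, code)

def search(accounts, predicate: Callable[[Contract], bool],
           callback: Callable[[Contract], None]) -> int:
    """Invoke callback on each match as it is met; return the match count."""
    hits = 0
    for contract in iter_contracts(accounts):
        if predicate(contract):
            callback(contract)
            hits += 1
    return hits

# Constructed records (address, code hash, code); the non-empty hashes are dummies.
SAMPLE = [
    ("0x01", EMPTY_CODE_HASH, b""),  # externally owned account, skipped
    ("0x02", b"\x11" * 32, bytes.fromhex("6080604052")),
    ("0x03", b"\x22" * 32, bytes.fromhex("60006000ff")),
    ("0x04", b"\x33" * 32, bytes.fromhex("6001600101")),
]

def counted(records, seen):
    """Wrap a record source and note which records were actually read."""
    for rec in records:
        seen.append(rec[0])
        yield rec

if __name__ == "__main__":
    seen, found = [], []
    n = search(counted(SAMPLE, seen), lambda c: c.code.endswith(b"\xff"), found.append)
    print(n, [c.address for c in found], len(seen))
```

Because `iter_contracts` is a generator, taking only the first contract reads only the records up to it, which is what makes the approach workable on a large state trie.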

Final Submission Guidelines

Submit a Git patch against the commit a0db35bade4ce48c447013ae9bbc5963126a8213; provide a verification doc with an explanation of your implementation and verification instructions; also include a brief verification video.

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board

Approval:

User Sign-Off

ID: 30066270