ico-arrow-big-left

Mythril - Smart Contract Hash-to-Address Mapping

Key Information

Register
Submit
The challenge is finished.
Show Deadlines

Challenge Overview

Mythril is a security analysis tool for Ethereum smart contracts, writted in Python. In this challenge you will add a new feature to the tool: indexing of contracts hash-to-address mapping, and lookup of contract addresses by hashes.

Project Background

As already told above, Mythril is a security analysis tool for Ethereum smart contracts, it uses concolic analysis, taint analysis, and control flow checks to detect a variety of security vulnerabilities. The core dev team behind Mythril relies on Topcoder community to boost their in-house development capabilities. We already had a lot of challenges focused on Mythril and related tools, and we are going to have more.

The geth (go-ethereum) state trie index accounts use SHA3 hash of its Ethereum address. The original address is not stored to the local geth database. As a consequence there is no way currently to display the contract address when using Mythril’s local search feature. (To learn more about the reason, see point #5 here). The goal of this challenge is to add such functionality to Mythril.

Technology Stack

Mythril itself is written in Python. For the purposes of this challenge, you with have to interact with go-ethereum and LevelDB.

Code acess

Mythril code is openly available in the GitHub repository. You work should be based on the commit fcd6c0942fa9362b19408f346e9dedbe3a20ffc1.

Individual Requirements

The major requirements of this challenge are:

  1. Add a function that generates (and if called again, incrementally updates with the new data) the sha3(address) -> address mapping, and stores it in the LevelDB.

  2. Add a function that looks up in that mapping, i.e. given sha3 it returns corresponding address from the mapping stored in LevelDB.

  3. Expose this functionality via command line argument of myth tool. It should work the following way:
    - We call $ myth --contract-hash-to-address SHA3_TO_LOOK_FOR
    - The tool checks the current state of the mapping stored in the LevelDB, generating, or updating it with the new data, if necessary. At this step, if the update is really necessary, and is expected to take some time (say, more than a few seconds), we need to report that in the console, saying Updating hash-to-address index.
    - Then myth returns the address corresponding to the given contract hash, or nothing if an unknown hash was provided.

    Also update the search feature (--search) to show contract addresses in the search results, instead of hashes.



Final Submission Guidelines

Submit Git patch with you changes, against the commit mentioned earlier. Your submission should also include a brief verification document, containing any notes for reviewers that will facilitate the testing, and a brief demo video, verifying that the feature works.

Payments

Topcoder will compensate members in accordance with our standard payment policies, unless otherwise specified in this challenge. For information on payment policies, setting up your profile to receive payments, and general payment questions, please refer to ‌Payment Policies and Instructions.

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board
?

Approval:

User Sign-Off
?

ID: 30067940