ico-arrow-big-left

Mythril - Smart Contract Hash-to-Address Mapping

Key Information

Register
Submit
The challenge is finished.
Show Deadlines

Challenge Overview

Mythril is a security analysis tool for Ethereum smart contracts, writted in Python. In this challenge you will add a new feature to the tool: indexing of contracts hash-to-address mapping, and lookup of contract addresses by hashes.

Project Background

As already told above, Mythril is a security analysis tool for Ethereum smart contracts, it uses concolic analysis, taint analysis, and control flow checks to detect a variety of security vulnerabilities. The core dev team behind Mythril relies on Topcoder community to boost their in-house development capabilities. We already had a lot of challenges focused on Mythril and related tools, and we are going to have more.

The geth (go-ethereum) state trie index accounts use SHA3 hash of its Ethereum address. The original address is not stored to the local geth database. As a consequence there is no way currently to display the contract address when using Mythril’s local search feature. (To learn more about the reason, see point #5 here). The goal of this challenge is to add such functionality to Mythril.

Technology Stack

Mythril itself is written in Python. For the purposes of this challenge, you with have to interact with go-ethereum and LevelDB.

Code acess

Mythril code is openly available in the GitHub repository. You work should be based on the commit fcd6c0942fa9362b19408f346e9dedbe3a20ffc1.

Individual Requirements

The major requirements of this challenge are:

  1. Add a function that generates (and if called again, incrementally updates with the new data) the sha3(address) -> address mapping, and stores it in the LevelDB.

  2. Add a function that looks up in that mapping, i.e. given sha3 it returns corresponding address from the mapping stored in LevelDB.

  3. Expose this functionality via command line argument of myth tool. It should work the following way:
    - We call $ myth --contract-hash-to-address SHA3_TO_LOOK_FOR
    - The tool checks the current state of the mapping stored in the LevelDB, generating, or updating it with the new data, if necessary. At this step, if the update is really necessary, and is expected to take some time (say, more than a few seconds), we need to report that in the console, saying Updating hash-to-address index.
    - Then myth returns the address corresponding to the given contract hash, or nothing if an unknown hash was provided.

    Also update the search feature (--search) to show contract addresses in the search results, instead of hashes.

Final Submission Guidelines

Submit Git patch with you changes, against the commit mentioned earlier. Your submission should also include a brief verification document, containing any notes for reviewers that will facilitate the testing, and a brief demo video, verifying that the feature works.

Reliability Rating and Bonus

For challenges that have a reliability bonus, the bonus depends on the reliability rating at the moment of registration for that project. A participant with no previous projects is considered to have no reliability rating, and therefore gets no bonus. Reliability bonus does not apply to Digital Run winnings. Since reliability rating is based on the past 15 projects, it can only have 15 discrete values.
Read more.

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board
?

Approval:

User Sign-Off
?

CHALLENGE LINKS:

Review Scorecard

?