Mythril is a security analysis tool for Ethereum smart contracts, writted in Python. In this challenge you will add a new feature to the tool: indexing of contracts hash-to-address mapping, and lookup of contract addresses by hashes.
As already told above, Mythril is a security analysis tool for Ethereum smart contracts, it uses concolic analysis, taint analysis, and control flow checks to detect a variety of security vulnerabilities. The core dev team behind Mythril relies on Topcoder community to boost their in-house development capabilities. We already had a lot of challenges focused on Mythril and related tools, and we are going to have more.
The geth (go-ethereum) state trie index accounts use SHA3 hash of its Ethereum address. The original address is not stored to the local geth database. As a consequence there is no way currently to display the contract address when using Mythril’s local search feature. (To learn more about the reason, see point #5 here). The goal of this challenge is to add such functionality to Mythril.
Mythril code is openly available in the GitHub repository. You work should be based on the commit fcd6c0942fa9362b19408f346e9dedbe3a20ffc1.
The major requirements of this challenge are:
Add a function that generates (and if called again, incrementally updates with the new data) the sha3(address) -> address mapping, and stores it in the LevelDB.
Add a function that looks up in that mapping, i.e. given sha3 it returns corresponding address from the mapping stored in LevelDB.
Expose this functionality via command line argument of myth tool. It should work the following way:
- We call $ myth --contract-hash-to-address SHA3_TO_LOOK_FOR
- The tool checks the current state of the mapping stored in the LevelDB, generating, or updating it with the new data, if necessary. At this step, if the update is really necessary, and is expected to take some time (say, more than a few seconds), we need to report that in the console, saying Updating hash-to-address index.
- Then myth returns the address corresponding to the given contract hash, or nothing if an unknown hash was provided.
Also update the search feature (--search) to show contract addresses in the search results, instead of hashes.