Challenge Overview

Mythril API provides security analysis for Ethereum smart contracts. In this challenge you will add more information, and a few new options / features to the API.

Project Background

Mythril API was developed and is maintained by Topcoder community. You should expect further challenges related to the API.

Technology Stack

Mythril API is based on ExpressJS / NodeJS. It uses MongoDB as the database, and RabbitMQ for communication between API server and worker.

Code Access

Current codebase is provided in the challenge forum, as a zipped snapshot of Git repository. You will work out of the commit bee1a501172d24c27cc9e6a184e5c596284ff944. Remember that API code is proprietary, and must not be used / exposed out of the context of this challenge. Also, you will need to make some updates in mythril-ci repository. In its integration-testing branch, in src/docker/integration-tests folder we host integration tests that verify that API works properly with the current mythril version, thus preventing any regression. You will have to update these tests appropriately for your changes. The tests are written in JavaScript and use Jest / supertest.


  1. Add the following information to the analysis status reponses (/analysis/{ANALYSIS_ID}), and hence to the analysis data stored in the database:
    - Analysis start date/time
    - Analysis duration (from submission till finish, or till the current time, if the analysis is still ongoing / queued)
    - API version that was used for the analysis (current API version is injected into configuration)
    - Mythril version that was used for the analysis (can be obtained from myth --version command)
    Updated: please check this thread in the challenge forum:, it slightly overrides these specs, asking to store to the database submission, analysis_start, and analysis_end times, and report in the API response submission time along with to durations: time in queue and the actual analysis duration.
  2. Add GET /analysis endpoint, that will return the list of all analysis submitted by the user. It should return an array of same objects as the /analysis/{ANALYSIS_ID} endpoint, sorted by submission time from the most recent to older ones. By default it should return 10 (should be configurable as a constant in the related module) most recently submitted analysis. The endpoint should support the following query params: offset - to skip specified number of results, and return the next 10; dateFrom, and dateTo to filter results by submissions dates.
  3. Implement caching of analysis results. Once an analysis is perfomed, we should store in the database a mapping between the analysed bytecode, and API / Mythril versions and analysis results. When a new analysis is submitted, we should check whether we have analysis results cached for that code / API / Mythril versions, and if yes, we should copy cached results into submitted analysis results, rather then performing the actual analysis with the API worker. The cache should be reset once API is started with API or Mythril version newer then in the cache.
  4. Update OpenAPI definitions and tests in the mythril-api repository.
  5. Update integration tests in mythril-ci repository.
In case of any doubts do not hesitate to raise questions in the challenge forum.

Final Submission Guidelines

Submit Git patches for mythril-api and mythril-ci repositories.


Topcoder Open 2019


Final Review:

Community Review Board


User Sign-Off


ID: 30069758