Easy Multi-Contract Security Analysis Using Mythril

How to use the open-source symbolic executor to analyze a setup of multiple smart contracts.

The MythX platform leverages several internal components to provide the best possible analysis results. One of these components is available open source: the symbolic executor Mythril. In this article, I’ll demonstrate how you can use Mythril to analyze a setup of multiple smart contracts.

By default, Mythril will analyze a contract in isolation. Interactions with external contracts are generalized so that we capture all possible vulnerabilities. Sometimes, this means we find a weakness in your smart contract that might not affect your particular setup. That’s because the specific deployment values you use can have a considerable effect on how the system behaves as a whole.

Luckily, you can also use Mythril to run a multi-contract analysis of a specific configuration of multiple smart contracts. As a result, you might get fewer warnings, but the results will be tailor-made to your deployment.

To do multi-contract analysis, we’ll use Mythril’s ability to analyze contracts deployed on an Ethereum network (hint: we’ll use Ganache to launch our private test network). We will deploy our contract on that network, which gives Mythril a concrete target to analyze.