CrossHair
mythril
CrossHair | mythril | |
---|---|---|
8 | 12 | |
948 | 3,725 | |
- | 0.9% | |
9.2 | 8.1 | |
11 days ago | 5 days ago | |
Python | Python | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CrossHair
-
Try CrossHair while working other Python projects
Writing some Python for Hacktoberfest? Try out CrossHair while you do that and get credit for a blog post too! https://github.com/pschanely/CrossHair/issues/173
-
What are some amazing, great python external modules, libraries to explore?
CrossHair, Hypothesis, and Mutmut for advanced testing.
-
Formal Verification Methods in industry
When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
-
Klara: Python automatic test generations and static analysis library
The main difference that Klara bring to the table, compared to similar tool like pynguin and Crosshair is that the analysis is entirely static, meaning that no user code will be executed, and you can easily extend the test generation strategy via plugin loading (e.g. the options arg to the Component object returned from function above is not needed for test coverage).
-
Pynguin – Allow developers to generate Python unit tests automatically
Just in case you are looking for an alternative approach: if you write contracts in your code, you might also consider crosshair [1] or icontract-hypothesis [2]. If your function/method does not need any pre-conditions then the the type annotations can be directly used.
(I'm one of the authors of icontract-hypothesis.)
[1] https://github.com/pschanely/CrossHair
[2] https://github.com/mristin/icontract-hypothesis
-
Programming in Z3 by learning to think like a compiler
There's a tool for verification of Python programs based on contracts which uses Z3: https://github.com/pschanely/CrossHair
You can use it as part of your CI or during the development (there's even a neat "watch" mode, akin to auto-correct).
- Diff the behavior of two Python functions
-
Finding Software Bugs Using Symbolic Execution
Looking at some of your SMT-based projects, I'd love to compare your SMT solver notes with my mine from working on https://github.com/pschanely/CrossHair
Sadly, there aren't a lot of resources on how to use SMT solvers well.
mythril
-
Fuzzing Around: Better Smart Contract Testing through the Power of Random Inputs
Fuzzing has been around for a while in traditional full-stack development, but a new class of tools is here that can apply fuzzing to smart contract testing in web3. Some of the fuzzing tools include the open source Echidna and MythX.
-
Mythril an easy way to audit your smart contracts.
Mythril is part of the core tools of Consensys Mythx one of the biggest Smart Contract security services for Ethereum, which main goal is to ensure development teams avoid costly errors and make Ethereum more secure and trustworthy… or at least that is what their page says.
-
How do you guarantee the security of your smart contracts?
Other than audits and testing, there's automated security checking: https://github.com/ConsenSys/mythril I'm yet to try this in one of my projects
-
Launching your Ethereum dApp on Avalanche
Mythril
-
A Comprehensive Guide on Web3 Programming Languages and Tools
MythX, Mythril, Manticore, and Echidna are other tools for security audits.
-
Tools to verify solidity code
Smart Contract Weakness Classification and Test Cases: https://swcregistry.io/ OKO Contract Explorer: https://oko.palkeo.com/txview Slither: https://github.com/crytic/slither MythX: https://mythx.io/ Tenderly: https://tenderly.dev/ Spot check program: https://docs.google.com/document/d/16...
-
Static analysis of smartcontracts?
There are some paid tools and some free ones. A few that come to mind are ConsenSys MythX (based in part on the open-source Mythril), ShiftLeft, Oyente, Octopus… maybe best to just check out ETHSecurity’s list.
-
Formal Verification Methods in industry
When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
-
Please check this if you are looking for a good tokenomics project.
- Audited by MythX.io
-
What kind of Ethereum node/API/setup do I need for these use cases?
ability to run security analysis on contracts using for .e.g. https://github.com/ConsenSys/mythril
What are some alternatives?
pynguin - The PYthoN General UnIt Test geNerator is a test-generation tool for Python
manticore - Symbolic execution tool
icontract-hypothesis - Combine contracts and automatic testing.
truffle - :warning: The Truffle Suite is being sunset. For information on ongoing support, migration options and FAQs, visit the Consensys blog. Thank you for all the support over the years.
angr - A powerful and user-friendly binary analysis platform!
slither - Static Analyzer for Solidity and Vyper
alive2 - Automatic verification of LLVM optimizations
smart-contract-best-practices - A guide to smart contract security best practices
klee - KLEE Symbolic Execution Engine
solc-select - Manage and switch between Solidity compiler versions
miasm - Reverse engineering framework in Python
pyteal - Algorand Smart Contracts in Python