Challenge Overview

The scope of this challenge is to create a Visual Studio Code Extension that performs security analysis on a Solidity source code file or on a folder of Solidity files. When activated with a menu item/button/shortcut, the extension should compile the code and submit the resulting bytecode to the Mythril security analysis API. The identified issues should be highlighted in the source code (similar to a linter such as Solhint).

Detailed Requirements

Mythril API
The Mythril API is located at: https://mythril.network/mythril/v1/

It takes Ethereum bytecode as input and returns a JSON-formatted list of security issues. Your extension should first compile the contract(s) that need to be analyzed, and then perform the analysis via the following API calls.

Submitting code for analysis

Request:
POST /mythril/v1/analysis HTTP/1.1
Host: mythril.network
Content-Type: application/json

{
  "type": "bytecode",
  "contract": "60606040(..)"
}


Response:
{
  "result": "Queued",
  "uuid": "90a77fa8-96ed-4f4d-a774-39c6be468932"
}


Retrieving the analysis status

Request:
GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932 HTTP/1.1

Response:
{
  "result": "Finished",
  "uuid": "00faac12-6b88-4f2f-9ef1-63eedd4a47d5"
}


Retrieving the analysis results

Request:
GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932/issues HTTP/1.1
Host: mythril.network


Response:
Returns a list of issues, or an empty list if no issues have been found. E.g.:

[
  {
    "description": "Issue 1 Description.",
    "pcAddress": "648",
    "functionName": "_function_0x2e1a7d4d",
    "contract": "MAIN",
    "type": "Warning",
    "name": "Issue 1 name"
  },
  (...)
]


The analysis should run in the background without blocking the UI (note that for complex contracts it can take up to a few minutes). Once the analysis is finished, the extension should highlight the lines of Solidity code that are affected by security issues, and list the issues in the “PROBLEMS” view or in an additional “SECURITY” view (if it's possible to add one).

Additional Information

  • Several Visual Studio plugins integrate solc, for example VSCode-Solidity. For the compilation part it might be possible to build on one of those plugins, or use them as a dependency.
  • Each issue reported by Mythril contains a “pcAddress” field. This is the program counter address at which the issue occurs. solc has a “srcmap-runtime” output option that contains a mapping of pc addresses to source code lines.
  • In general, it is helpful to understand the command line options and output formats of the solc compiler. By using the --combined-json argument, various types of output can be combined.
  • Note that the bytecode to be submitted is the runtime bytecode (bin-runtime).
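
The pcAddress-to-line lookup described in the notes above, as an added example (not part of the challenge text, Mythril or solc). solc's source map has one entry per instruction rather than per byte, so the pc is first converted to an instruction index by skipping PUSH data. Function names and sample inputs are hypothetical; the bytecode is assumed to be fully linked hex.

```javascript
// Constructed sample (not real compiler output): PUSH1 80 PUSH1 40 MSTORE PUSH2 0010 JUMP STOP
const SAMPLE_BIN = '60806040526100105600';
const SAMPLE_SRCMAP = '0:40:0:-;;;25:10;:::i;-1:-1:-1:-';
const SAMPLE_SOURCES = ['contract C {\n  uint x;\n  function f() {}\n}\n'];

// PUSH1..PUSH32 (0x60..0x7f) carry 1..32 bytes of immediate data that
// occupy pc space but are not instructions, so pc != instruction index.
function pcToInstructionIndex(binRuntimeHex) {
  const code = Buffer.from(binRuntimeHex.replace(/^0x/, ''), 'hex');
  const map = new Map();
  for (let pc = 0, idx = 0; pc < code.length; idx++) {
    map.set(pc, idx);
    const op = code[pc];
    pc += 1 + (op >= 0x60 && op <= 0x7f ? op - 0x5f : 0);
  }
  return map;
}

// Decompress "s:l:f:j;..." entries; an empty or missing field repeats the
// value from the previous entry.
function parseSrcmap(srcmap) {
  let prev = { start: 0, length: 0, file: 0, jump: '-' };
  return srcmap.split(';').map((entry) => {
    const [s, l, f, j] = entry.split(':');
    prev = {
      start: s ? Number(s) : prev.start,
      length: l ? Number(l) : prev.length,
      file: f ? Number(f) : prev.file,
      jump: j || prev.jump,
    };
    return prev;
  });
}

// Returns { file, line } or null when pc is not an instruction boundary,
// has no source map entry, or belongs to compiler-generated code (file -1).
function pcToSourceLine(pcAddress, binRuntimeHex, srcmap, sources) {
  const idx = pcToInstructionIndex(binRuntimeHex).get(Number(pcAddress));
  const entry = idx === undefined ? undefined : parseSrcmap(srcmap)[idx];
  if (!entry || entry.file < 0 || sources[entry.file] === undefined) return null;
  // solc offsets are byte offsets into the UTF-8 source, so count in bytes.
  const head = Buffer.from(sources[entry.file], 'utf8').subarray(0, entry.start);
  let line = 1;
  for (const b of head) if (b === 0x0a) line++;
  return { file: entry.file, line };
}
```

A null result is the case to handle in the UI: the issue still belongs in the list, but without a highlighted line.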

Resources

Blockchain Community

This challenge is delivered to you by the Topcoder Blockchain Community. Please check out and join the community if you have not done so already: it will help us bring you more blockchain-related challenges in the future.

Final Submission Guidelines

Submit a ZIP archive with the source code and an extension package (.vsix).

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

Review style

  • Final Review: Community Review Board
  • Approval: User Sign-Off

ID: 30062676