Challenge Overview
Mythril is a security analysis tool for Ethereum smart contracts. It is based on a symbolic virtual machine (SVM) called LASER-ethereum. The virtual machine symbolically executes the code and creates a representation of all possible program states.
The states are organized into a control flow graph. Running a smart contract in the SVM returns a Python object containing lists of nodes and edges. Each node represents a basic block of code. The LASER source code with some documentation is available here: https://github.com/b-mueller/laser-ethereum
A good way to illustrate the data structure is Mythril’s control flow graph function, which renders the graph as an HTML file: https://github.com/ConsenSys/mythril#control-flow-graph
The code for generating the graph is found here: https://github.com/ConsenSys/mythril/blob/master/mythril/analysis/callgraph.py
In this challenge, the goal is to create a GUI version of Mythril’s trace view with some additional interactive features. Most importantly, it should be possible to click any node in the graph to open a trace view, which can then be used to navigate through the states in that node, and inspect state variables such as the stack, memory and account storage. A comparable function can be found in Remix:
https://remix.ethereum.org
Documentation for debugging a transaction in Remix:
http://remix.readthedocs.io/en/latest/tutorial_debug.html#from-the-transaction-gui
The submission must have the following features:
- An option to import a LASER statespace object in some form (e.g. by loading a JSON dump of the object), or a function to execute Mythril/LASER with bytecode input.
- A main window that displays a control flow graph, similar to Mythril’s HTML graph. The graph should be zoomable and scrollable.
- When the user clicks a node in the graph, a trace view should open. The trace view should be similar to the Remix debugger view, with a way to navigate within the range of instructions contained in the active node.
- The trace view should allow the user to investigate instruction, memory, stack and state variables for every state.
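A sketch of the data flow behind these features, added here as an example and not taken from Mythril or LASER: it loads a JSON statespace dump, checks that every edge points at a known node, and steps a trace cursor that stays inside the clicked node's states. The JSON layout and the names `load_statespace`, `TraceView` and `successors` are assumptions made for the example; LASER's real object layout may differ.

```python
import json

# Constructed sample dump. The layout (keys "nodes", "edges", "states", "pc",
# "op", ...) is hypothetical, not LASER's real serialization format.
SAMPLE_DUMP = json.dumps({
    "nodes": [
        {"uid": 0, "states": [
            {"pc": 0, "op": "PUSH1 0x00", "stack": [], "storage": {}},
            {"pc": 2, "op": "CALLDATALOAD", "stack": ["0x00"], "storage": {}},
            {"pc": 3, "op": "PUSH1 0x08", "stack": ["calldata_0"], "storage": {}},
            {"pc": 5, "op": "JUMPI", "stack": ["calldata_0", "0x08"], "storage": {}}]},
        {"uid": 1, "states": [
            {"pc": 8, "op": "JUMPDEST", "stack": [], "storage": {}},
            {"pc": 9, "op": "PUSH1 0x01", "stack": [], "storage": {}},
            {"pc": 11, "op": "PUSH1 0x00", "stack": ["0x01"], "storage": {}},
            {"pc": 13, "op": "SSTORE", "stack": ["0x01", "0x00"], "storage": {}},
            {"pc": 14, "op": "STOP", "stack": [], "storage": {"0x00": "0x01"}}]}],
    "edges": [{"from": 0, "to": 1, "condition": "calldata_0 != 0"}],
})

def load_statespace(text):
    """Parse a dump; reject empty nodes and edges that point at unknown nodes."""
    raw = json.loads(text)
    nodes = {n["uid"]: n["states"] for n in raw["nodes"]}
    if not all(nodes.values()):
        raise ValueError("node without states")
    for e in raw["edges"]:
        if e["from"] not in nodes or e["to"] not in nodes:
            raise ValueError(f"edge references unknown node: {e}")
    return nodes, raw["edges"]

class TraceView:
    """Cursor over the states of one node, as opened by clicking that node."""
    def __init__(self, nodes, uid):
        self.states, self.index = nodes[uid], 0

    def step(self, delta):
        # Clamp so navigation never leaves the active node's instruction range.
        self.index = max(0, min(len(self.states) - 1, self.index + delta))
        return self.states[self.index]

def successors(edges, uid):
    """Nodes reachable from uid, with the branch condition on each edge."""
    return [(e["to"], e["condition"]) for e in edges if e["from"] == uid]
```

`step(0)` returns the current state without moving, which is what a GUI would render as the instruction, stack and storage panes.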