Challenge Overview
Mythril is a security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis, and control flow checking to detect a variety of security vulnerabilities.
Currently, Mythril syncs via RPC to a local contractdb for performing search operations. This method is inefficient and has a lot of other problems, including inaccurate reflection of account states (balances), and more.
There is already support for searching the state trie of a local geth node. However, the way it is currently implemented, it only works for small testnets. The EthLevelDB class first parses the complete state to create a list of all 'active' contracts in memory before search operations can be invoked. Obviously this is infeasible if the state trie is large.
To make this usable, it needs to be implemented in a way that allows users to iterate through contracts in the state trie either one-by-one, or by providing a search expression that invokes a callback every time a match is encountered.
Implementation details: initial implementation ideas and instructions
- Add a configuration file that lets the user set the path to a local leveldb. Include examples in the comments. E.g., on Mac OS it is found in ~/Library/Ethereum/geth/chaindata.
- Refactor the LevelDB client class to allow one to iterate over contracts in the geth leveldb instead of reading all contracts into memory in advance. Probably the best way to do this is using a Generator.
- Refactor the search feature to invoke the new leveldb client class. Remove all references to contract storage.
- Completely remove the old persistence layer (contractstorage.py), the ZODB requirement and the --init-db feature.
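An added sketch of the generator-based iteration and callback search described in the list above; it is not Mythril's code. The `Account` record, `sample_state`, and the `has_selfdestruct` predicate are assumptions, and a constructed in-memory sequence stands in for the walk over the geth LevelDB state trie.

```python
from typing import Iterable, Iterator, List, NamedTuple

class Account(NamedTuple):
    address: str
    balance: int
    code: bytes

def opcodes(code: bytes) -> Iterator[int]:
    """Yield opcodes, skipping PUSH1..PUSH32 immediates (data, not instructions)."""
    i = 0
    while i < len(code):
        op = code[i]
        yield op
        i += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)

def iter_contracts(accounts: Iterable[Account]) -> Iterator[Account]:
    """Lazily yield accounts that carry code; nothing is collected in memory."""
    for acct in accounts:
        if acct.code:
            yield acct

def search(accounts, predicate, callback) -> int:
    """Call callback on each matching contract as it is met; return the hit count."""
    hits = 0
    for contract in iter_contracts(accounts):
        if predicate(contract):
            callback(contract)
            hits += 1
    return hits

def has_selfdestruct(contract: Account) -> bool:
    return 0xFF in opcodes(contract.code)  # 0xFF = SELFDESTRUCT

def sample_state(reads: List[str]) -> Iterator[Account]:
    """Constructed stand-in for a state-trie walk; logs each account it reads."""
    rows = [
        Account("0xaa", 5, b""),                      # no code: not a contract
        Account("0xbb", 0, bytes.fromhex("60ff00")),  # PUSH1 0xff; STOP (0xff is data)
        Account("0xcc", 7, bytes.fromhex("6000ff")),  # PUSH1 0x00; SELFDESTRUCT
        Account("0xdd", 0, bytes.fromhex("00")),      # STOP
        Account("0xee", 1, bytes.fromhex("33ff")),    # CALLER; SELFDESTRUCT
    ]
    for row in rows:
        reads.append(row.address)
        yield row

if __name__ == "__main__":
    reads: List[str] = []
    n = search(sample_state(reads), has_selfdestruct, lambda c: print(c.address, c.balance))
    print(n, "matches;", len(reads), "accounts read")
```

Because each account is read only when the consumer asks for the next one, the balance passed to the callback is the one stored in the state at the time of the walk, and memory use does not grow with the size of the trie.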