Without any doubt, one article is not enough to describe the full range of issues Mythril is capable of detecting. On top of that, it works in a real blockchain environment, finds necessary contracts and vulnerabilities by signature, builds beautiful call graphs, and edits reports. Mythril lets you write individual test scripts in a Python-based interface, test particular functions quite easily, fix parameter values, or even implement a custom strategy for working with disassembled code.
Unlike IDA Pro, Mythril is still young software, and there's almost no documentation except for a few articles. Many Mythril parameters are only described in the code (starting with cli.py). I hope that full and comprehensive documentation with parameter descriptions will appear soon.
When the contract is more or less large, displaying error heaps takes a lot of space. I would like to receive compressed data about detected errors. When working with Mythril, you need to track the process and the contracts that were tested and, if necessary, deliberately remove the errors the auditor knows are false positives.
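One way to get that condensed view is to post-process a report exported as JSON. The script below is an added example, not part of Mythril or of the original article; it assumes the report holds an `issues` list whose entries carry `contract`, `function`, `swc-id`, `severity` and `title` fields, and both the sample report and the suppression list are constructed.

```python
import json
from collections import Counter

# Constructed sample report; the field names are assumptions about the JSON layout.
SAMPLE_REPORT = json.dumps({
    "success": True,
    "issues": [
        {"contract": "Wallet", "function": "withdraw(uint256)", "address": 722,
         "swc-id": "107", "severity": "Medium", "title": "State change after external call"},
        {"contract": "Wallet", "function": "withdraw(uint256)", "address": 722,
         "swc-id": "107", "severity": "Medium", "title": "State change after external call"},
        {"contract": "Wallet", "function": "kill()", "address": 910,
         "swc-id": "106", "severity": "High", "title": "Unprotected selfdestruct"},
        {"contract": "Wallet", "function": "fallback", "address": 130,
         "swc-id": "101", "severity": "High", "title": "Integer overflow"},
    ],
})

# Findings the auditor has reviewed and judged false positives (hypothetical entry).
# Keyed on contract, function and SWC id so a new finding elsewhere is never hidden.
KNOWN_FALSE_POSITIVES = {("Wallet", "fallback", "101")}
SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2}

def issue_key(issue):
    """Identity of a finding for de-duplication and suppression."""
    return (issue.get("contract", "?"), issue.get("function", "?"), issue.get("swc-id", "?"))

def condense(report_json, suppressed=KNOWN_FALSE_POSITIVES):
    """Return (rows, suppressed_count): one row per distinct finding, worst first."""
    issues = json.loads(report_json).get("issues") or []
    counts, meta, skipped = Counter(), {}, 0
    for issue in issues:
        key = issue_key(issue)
        if key in suppressed:
            skipped += 1          # counted, so suppression stays visible in the summary
            continue
        counts[key] += 1
        meta.setdefault(key, (issue.get("severity", "Unknown"), issue.get("title", "")))
    rows = [(meta[k][0], *k, meta[k][1], n) for k, n in counts.items()]
    rows.sort(key=lambda r: (SEVERITY_ORDER.get(r[0], 3), r[1], r[2]))
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = condense(SAMPLE_REPORT)
    for sev, contract, func, swc, title, n in rows:
        print(f"{sev:<7} SWC-{swc} {contract}.{func} x{n}  {title}")
    print(f"{skipped} finding(s) suppressed as known false positives")
```

Keeping the suppression list in version control next to the audit notes gives a record of which findings were dismissed and for which contract.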
On the whole, Mythril is an excellent and very powerful tool for analyzing smart contracts. Every auditor should use it, as it draws attention to the critical parts of the code and detects hidden connections between variables.
To sum up, the recommendations for using Mythril are the following: