63 lines
1.9 KiB
Markdown
63 lines
1.9 KiB
Markdown
---
|
||
title: "Mythril(符号执行分析)"
|
||
type: concept
|
||
tags: [blockchain, security, smart-contract, symbolic-execution, tooling]
|
||
sources: [blockchain-security-auditor]
|
||
last_updated: 2026-05-30
|
||
---
|
||
|
||
## Aliases
|
||
- Mythril
|
||
- Mythril Classic
|
||
- Symbolic Execution Analyzer
|
||
|
||
## Definition
|
||
|
||
Mythril 是基于符号执行(Symbolic Execution)的智能合约安全分析工具,由 Consensys 开发。它通过将合约函数参数替换为符号变量,系统性地探索所有可能的执行路径,寻找可能导致资产损失或合约异常的状态。
|
||
|
||
## Key Features
|
||
|
||
- **符号执行**:不依赖具体输入值,遍历所有路径
|
||
- **深度扫描**:适合关键合约的深度分析(比 Slither 慢但更深入)
|
||
- **多种漏洞检测**:整数溢出/下溢、时间戳依赖、访问控制、逻辑漏洞
|
||
- **生成攻击场景**:自动生成可触发漏洞的交易序列
|
||
|
||
## Usage
|
||
|
||
```bash
|
||
# 基本分析
|
||
myth analyze src/MainContract.sol --solc-json mythril-config.json
|
||
|
||
# 高级配置
|
||
myth analyze src/MainContract.sol \
|
||
--execution-timeout 300 \
|
||
--max-depth 30 \
|
||
-o json > mythril-results.json
|
||
|
||
# 配合 Truffle
|
||
mythril truffle compile
|
||
mythril analyze --truffle
|
||
```
|
||
|
||
## Mythril vs Slither
|
||
|
||
| Dimension | [[Slither]] | [[Mythril]] |
|
||
|-----------|-------------|-------------|
|
||
| Method | AST-based static analysis | Symbolic execution |
|
||
| Speed | Fast | Slow |
|
||
| Depth | Surface-level | Deep path coverage |
|
||
| False positives | Low | Higher |
|
||
| Best for | Initial scan, high-confidence bugs | Critical functions, complex logic |
|
||
|
||
## Limitations
|
||
|
||
- 执行超时限制(通常 5-10 分钟)
|
||
- 路径爆炸问题(复杂合约分析不完整)
|
||
- 外部依赖处理有限(需要 mock)
|
||
- 已被 MythX 商业化版本部分替代
|
||
|
||
## Connections
|
||
- [[Blockchain-Security-Auditor]] ← uses ← [[Mythril]]
|
||
- [[Slither]] ← complementary analysis ← [[Mythril]]
|
||
- [[Formal-Verification]] ← deeper rigor ← [[Mythril]]
|