MythXvsc is an extension for running MythX smart contract analysis from Visual Studio Code.
The extension provides:
- Smart contract compilation (via the Solidity VS Code extension)
- Authentication to the MythX platform
- AST extraction from compiled source
- Submission of analysis
- Displaying analysis result in VS Code in a linting fashion
You need to sign up for a MythX account in order to use the MythX extension for VS Code. Your account, once verified, is on the Free plan.
MythX offers both free and paid plans. For information on plans and features, please see our plans page.
The MythXvsc extension depends on the Solidity extension by Juan Blanco. Make sure to download this from Visual Studio Code Marketplace before installing MythXvsc.
MythX uses an API key for authentication. This API key can be generated in your dashboard. In the Profile tab there is a section titled MythX API Key. Generate a new API key by entering your account password:
On successful authentication, a new API key is generated, which can be used for further authentication by API clients. It will only be shown once, and can be copied using the icon on the right of the truncated secret string. If the token is lost, a new one can be generated again in the same way as explained above.
After installing the extension, copy the token and paste it in the VS Code user settings as shown below.
Authentication via Ethereum address or user name and password is deprecated.
Open a Solidity file from inside a folder or workspace, and click the MythX: Analyze smart contract button that you will see in the top right of your IDE window. Otherwise, right click with your mouse on the contract name and you will see the command there.
MythX allows users to choose from three different scan modes. This extension supports all three.
Different plans have access to different modes. Please refer to the MythX Pricing page to see which plan you need for each mode.
Once the solidity compilation is done, you will be asked to pick a contract from a dropdown list of contracts that exist in the compiled AST. Please make sure to pick the main contract to avoid inconsistent results.
Once the analysis is over, you will see your smart contract issues highlighted in your code. The exact time it takes to perform an analysis will depend on the mode selected and the plan associated with your account.