Remix integration with MythX

MythX is available as a plugin for Remix, a popular web-based IDE for smart contract development and deployment, created and hosted by the Ethereum Foundation.

../../_images/remix.jpg

Setup

Note

These instructions will show the Remix interface that is current as of early 2020. We recommend everyone use this interface.

Because Remix is a web-based interface, no local installation is required. However, MythX will need to be specifically activated from within the Remix Plugin Manager before use.

To activate MythX in Remix:

  1. Click the Plugins icon (which resembles a plug).

    ../../_images/pluginsbutton.png

    Alternately, click the See all Plugins button under Featured Plugins.

  2. The full list of plugins for Remix will be displayed. Scroll down to the entry titled MythX Security Verification and click Activate.

    ../../_images/mythxpluginlist.png

    If done correctly, the plugin will be listed under Active Modules and the MythX icon will be shown in the sidebar.

    ../../_images/activemodules.png

Authentication

  1. Click the MythX logo and enter your MythX credentials. This consists of your Ethereum address and your account password. (You can also enter your registered email address instead of your Ethereum address.) When done, click Save.

    ../../_images/mythxcreds2.png

    Note

    You need to link your Ethereum account to your MythX account to use MythX with Remix. See the Getting started with MythX security tools page for more details.

Usage

You can perform a security analysis on any contract in any open file on Remix.

To perform an analysis:

  1. Click the MythX logo on the sidebar to open the MythX control panel (if it isn’t already open).

  2. Below the credentials section, there will be a box containing a list of all applicable contracts. Select the contract you wish to analyze and click the Analyze button. You can also select the scan mode as shown below:

    ../../_images/remixscanmodes.png

    Note

    Different plans have access to different modes. Please refer to the MythX Pricing page to see which plan you need for each mode.

    Note

    The contract may need to be compiled first, depending on the current Remix settings. Make sure the Solidity Compiler plugin for Remix is activated in your project. You will have to click the Solidity icon and then click the Compile button for your contract.

  3. Depending on the scan mode selected, the analysis may take a few minutes. When completed, a list of vulnerabilities will be displayed, along with a link to the SWC Registry for each vulnerability found.

    ../../_images/results.png