More ways to stay secure: Announcing two new plans and another way to pay

By Mike Pumphrey | Tuesday, January 21st, 2020

We’re introducing new plans offering the highest confidence in the correctness of your code, and allowing payment via credit/debit cards for the first time.

We’re excited to announce some changes to our MythX plans that will be going live on January 31, 2020.

Now, whenever a team announces “exciting changes” it’s often a code word for something bad, but in this case, these changes should positively affect (as far as we can predict) absolutely all of our known users.

Rather than differentiating each plan based on the number of smart contract weaknesses MythX detects, our new plans are now primarily tailored towards the security needs of your project, enabling small teams, individual developers, enterprises, and professional auditors to gain full confidence that their smart contracts are secure.

MythX is for all stages of smart contract development

By Mike Pumphrey | Tuesday, January 7th, 2020

We recommend using MythX through every stage of the smart contract development life-cycle, before, during, and after deployment.

(Note: This post was originally published in June 2019 and has been updated.)

We talk a lot here on the MythX team about the importance of regular, routine analysis of your smart contracts prior to deployment onto the blockchain.

The reason for this is simple: once the contract is deployed, it is immutable. Any vulnerability in your code that you deployed will be there forever.

In this way, you can think of contracts on the blockchain like embedded systems. Once the widget is sent out of the factory, it will always do whatever it was programmed to do. Forever.

(Which, incidentally, is why we should probably be slightly concerned about the Year 2038 problem. Yikes!)

Before and during

Our prescription is easily told: we recommend using MythX through every stage of the smart contract development life-cycle.

We also highly recommend a manual audit before you deploy, to find the business logic errors that an automated tool can’t detect. (We might be biased, but we can’t say enough good things about the team of auditors at ConsenSys Diligence.)

But all of that happens before deployment. What about after deployment? Can you just kick back and wash your hands of the whole security thing?

Unfortunately, no.

All smart contract security issues in one place: An introduction to the SWC Registry

By Mike Pumphrey | Tuesday, December 10th, 2019

The SWC Registry is an indispensable resource for securing your smart contracts. Here we show how you can use it most effectively.

In our last post, we showed you how you can use Remix with the MythX plugin to detect weaknesses in smart contract code.

Now, let’s talk about those weaknesses.

Smart contract weaknesses are classified into many different types, allowing for easier management and discussion. The code that generates the weakness may vary widely, but the type of weakness is the same.

This sort of thing isn’t unique to smart contracts, of course. The idea of “signatures” in an antivirus context has been around for decades, and the Common Weakness Enumeration (CWE) describes software weaknesses in much the same way.

But smart contracts, due to the specific nature of the blockchain, require specialized discussion. A weakness in software written in C++ is just not the same.

With this in mind, a group of developers, auditors, and researchers at ConsenSys Diligence (where MythX was originally developed) created an analog to the CWE called the SWC Registry, or Smart Contract Weakness Classification Registry.

The SWC Registry is designed to provide smart contract developers with both language and remediation steps for dealing with issues that come up in the smart contract secure development lifecycle (SDLC).

In the SWC Registry, each entry (what we call an “SWC”) has its own ID and signature, description, code samples and remediation steps. In short, the SWC Registry contains everything you need to know to fix your smart contracts. Plus, it is both open source and community-managed.

Now let’s take a look at the registry itself.

A beginner’s guide to MythX

By Mike Pumphrey | Tuesday, November 26th, 2019

A detailed, step-by-step how-to guide on using MythX with Remix, also showing the differences between MythX and MythX Pro.

MythX is a tool for finding smart contract weaknesses. For our single developers and dev teams, we offer two plans: MythX and MythX Pro.

(We also offer custom plans; contact us for details.)

We recently posted about the differences between MythX and MythX Pro. But you may find it more useful to see an actual scenario involving testing a smart contract using MythX.

Let’s meet Sam.

Stepping into the light

By Mike Pumphrey | Tuesday, November 12th, 2019

MythX comes into its own, and creates a partnership with ConsenSys Diligence.

I would like to introduce you to the new MythX blog.

This is the place for the whole MythX team, including our researchers, developers, and (yes) marketing folks to be able to share news, tips, ideas, and consolation/hope for the state of security on the Ethereum platform.

(Looking for our old blog? It’s here.)

But first, some orientation, and how we got here.
