By Mike Pumphrey | Tuesday, January 7th, 2020
We recommend using MythX through every stage of the smart contract development life-cycle, before, during, and after deployment.
(Note: This post was originally published in June 2019 and has been updated.)
We talk a lot here on the MythX team about the importance of regular, routine analysis of your smart contracts prior to deployment onto the blockchain.
The reason for this is simple: once the contract is deployed, it is immutable. Any vulnerability in your code that you deployed will be there forever.
In this way, you can think of contracts on the blockchain like embedded systems. Once the widget is sent out of the factory, it will always do whatever it was programmed to do. Forever.
(Which, incidentally, is why we should probably be slightly concerned about the Year 2038 problem. Yikes!)
Before and during
Our prescription is easily told: we recommend using MythX through every stage of the smart contract development life-cycle.
We also highly recommend a manual audit before you deploy, to find the business logic errors that an automated tool can’t detect. (We might be biased, but we can’t say enough good things about the team of auditors at ConsenSys Diligence.)
But all of that happens before deployment. What about after deployment? Can you just kick back and wash your hands of the whole security thing?