1
  1. Mythril fails to import remotely and always searches the local file system. To solve this I used Hardhat to compile my contract, and Hardhat compiled the contract.

  2. Now I am stuck on how to run Mythril on the contract while using Hardhat to compile the Solidity file.

npx hardhat compile  # this compiles the contract
myth -a FILENAME.sol --execution-timeout 10

myth compiles file.sol using the solc compiler and again gives an import error. Now, how do I use the Hardhat-compiled Solidity and run it on Mythril?

Ali Hassan

2 Answers

0

A workaround to what you're trying is that you could flatten your contract in order to run Mythril. That should give no import issues since all is in a single file.

I usually do this (for Slither and Mythril analysis) when I want to run a test on a single contract inside a big project, or when I have similar import issues and don't want to spend too much time figuring out how to solve them.

JuanXavier
0

The Solc compiler fails to compile smart contracts with import statements, which is a known issue and a dead end.

During my research, where I am analyzing false positives reported by symbolic analysis tools such as Mythril or Manticore, I was able to find a way to compile and analyze all kinds of contracts without any hassle.

Solution:

  • Install Hardhat [https://hardhat.org/hardhat-runner/docs/getting-started#installation].
  • Place all your smart contracts in Hardhat's contracts repository.
  • Run npx hardhat compile in Hardhat's contracts directory.
  • Hardhat will compile all of your contracts and will place them in the test directory.
  • Hardhat provides the bytecode plus the addresses of your compiled contracts.
  • Now you can easily analyze your smart contracts by their bytecode or addresses.
  • For Mythril by address: myth a -a <address> --infura-id <INFURA API KEY> --execution-timeout 3600
  • For Mythril by bytecode: copy the bytecode and place it in a file with the extension .asm
  • Run Mythril on the bytecode: myth a --bin -f <filename.asm> --execution-timeout 3600
  • Get the INFURA API KEY from their online site.

You can easily get an analysis using this method without any hassle; also, all of the contracts get compiled at once. It took 2 weeks of effort to find this method, and I was able to analyze and get all the vulnerabilities.

Check my research on GitHub (a link).

Ali Hassan