By name: analyzing-ethereum-smart-contract-vulnerabilities description: Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet. domain: cybersecurity subdomain: blockchain-security tags:
- ethereum
- solidity
- smart-contract
- slither
- mythril
- blockchain
- defi
- audit version: '1.0' author: mahipal license: Apache-2.0 nist_csf:
- PR.DS-01
- PR.DS-02
- ID.RA-01
Analyzing Ethereum Smart Contract Vulnerabilities
Overview
Smart contract vulnerabilities have led to billions of dollars in losses across DeFi protocols. Unlike traditional software, deployed smart contracts are immutable and handle real financial assets, making pre-deployment security analysis critical. Slither performs fast static analysis using an intermediate representation to detect over 90 vulnerability patterns in seconds, while Mythril uses symbolic execution and SMT solving to discover complex execution path vulnerabilities like reentrancy and integer overflows. This skill covers running both tools against Solidity contracts, interpreting results, triaging findings by severity, and generating audit reports.
When to Use
- When investigating security incidents that require analyzing ethereum smart contract vulnerabilities
- When building detection rules or threat hunting queries for this domain
- When SOC analysts need structured procedures for this analysis type
- When validating security monitoring coverage for related attack techniques
Detection Gaps & Validation
- Vulnerability classes to cover deliberately: reentrancy (cross-function and read-only), integer overflow/underflow in pre-0.8.0 or
uncheckedblocks, access-control gaps (missingonlyOwner, unprotectedinitialize), anddelegatecall/ storage-collision bugs in proxies. - Tool false negatives: Slither and Mythril routinely miss bugs behind proxy patterns (EIP-1967/UUPS/Diamond) because the implementation is reached only through
delegatecall. Run Slither with--compile-force-frameworkagainst the full project and point Mythril at the implementation contract directly, not the proxy. - Economic and oracle logic is invisible to static tools: price manipulation, flash-loan attack paths, slippage, and rounding abuse will not appear in detector output. These require manual review of the protocol's invariants.
- How to confirm a hit (avoid false positives/negatives): turn each candidate finding into a PoC exploit on a mainnet fork using Foundry (
forge test --fork-url), and assert the attacker balance actually increases or the invariant breaks. A detector flag with no working PoC stays "suspected," not "confirmed." - Don't conclude "safe" until you've run both tools, manually reviewed access control and external-call ordering, modeled economic/oracle assumptions, and fuzzed key invariants (
forge testwith invariant/fuzz harnesses).
Prerequisites
- Python 3.10+ with pip
- Slither (pip install slither-analyzer) and solc compiler
- Mythril (pip install mythril) with solc-select for compiler version management
- Solidity source code or compiled contract bytecode
- Foundry or Hardhat development framework (optional, for project-level analysis)
Steps
Step 1: Run Slither Static Analysis
Execute Slither against the contract codebase to identify vulnerability patterns, optimization opportunities, and code quality issues using its 90+ built-in detectors.
Step 2: Run Mythril Symbolic Execution
Run Mythril deep analysis to explore execution paths and discover reentrancy, unchecked external calls, and arithmetic vulnerabilities that require path-sensitive analysis.
Step 3: Triage and Correlate Findings
Combine results from both tools, deduplicate findings, assess severity based on exploitability and financial impact, and filter false positives.
Step 4: Generate Audit Report
Produce a structured audit report with vulnerability descriptions, affected code locations, exploit scenarios, and remediation recommendations.
Expected Output
JSON report listing vulnerabilities with SWC (Smart Contract Weakness Classification) identifiers, severity ratings, affected functions, and suggested fixes.