Reduce execution time of Mythril: Symbolic execution + static Analysis[part 3] | by sam Cheung | Coinmonks | Jan, 2023

Introduction

The drawback of the symbolic execution is path explosion. The details go to the previous article. To reduce the possible path execution in symbolic execution, we can use static Analysis.

What can you learn after reading this article?

1. Introduction to static analysis tool — Slither
2. Briefly introduce how to guide the symbolic execution using static analysis
3. what to do before using static analysis to analyse the program

New to trading? Try crypto trading bots or copy trading on best crypto exchanges

Static Analysis

Static Analysis is the automated analysis of source code without executing the application. To have a further understanding, let’s dive into how the slither work.

Firstly, it takes the Solidity Abstract Syntax Tree(AST) generated by the Solidity compiler as initial input. Then generates important information, such as contract inheritance, control flow graph and solidity expression. Slither then translates the code into SlithIR to enable high-precision analysis via a simple API. It supports taint and value tracking to enable the detection of complex patterns.

To finish the detection by itself, Slither to finish the vulnerability detection. Slither runs a set of pre-defined analyses that provide enhanced information to other modules (e.g., computing data flow, protected function calls, etc.)

Introduce how to guide the symbolic execution.

In order to solve the problem of path explosion, we can use static analysis to reduce the number of paths. The static analysis uses the smart contract as input, converted into intermediate code to find out the potential vulnerability path-caused vulnerability. In this step, we should give out the properties that the path will cause vulnerability. After that, eliminate the other path. Finally, use symbolic execution to execute the remaining path.

what to do before using static analysis to analyse the program

Before static analysis, we should define the properties of the path that may contain the vulnerability. So that we can mark down the path during static analysis and guide the symbolic execution.

Previous Article:

1. Smart Contract — how its works[part 1]
2. Mythril — Security analysis tool for Ethereum smart contracts[part 2]
3. Reduce execution time of Mythril: Symbolic execution + static Analysis[Part 3]

Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing