Key Information

The challenge is finished.

Challenge Overview

The scope of this challenge is to create a Visual Studio Code Extension that performs security analysis on a Solidity source code file or on a folder of Solidity files. When activated with a menu item/button/shortcut, the extension should compile the code and submit the resulting bytecode to the Mythril security analysis API. The identified issues should be highlighted in the source code (similar to a linter such as Solhint).

Detailed Requirements

Mythril API
The Mythril API is located at:

It takes Ethereum bytecode as input and returns a JSON-formatted list of security issues. Your extension should first compile the contract(s) that need to be analyzed, and then perform the analysis via the following API calls.

Submitting code for analysis

POST /mythril/v1/analysis HTTP/1.1
Content-Type: application/json

{
  "type": "bytecode",
  "contract": "60606040(..)"
}

{
  "result": "Queued",
  "uuid": "90a77fa8-96ed-4f4d-a774-39c6be468932"
}

Retrieving the analysis status

GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932 HTTP/1.1

{
  "result": "Finished",
  "uuid": "00faac12-6b88-4f2f-9ef1-63eedd4a47d5"
}

Retrieving the analysis results

GET /mythril/v1/analysis/90a77fa8-96ed-4f4d-a774-39c6be468932/issues HTTP/1.1

Returns a list of issues, or an empty list if no issues have been found. E.g.:

[
  {
    "description": "Issue 1 Description.",
    "pcAddress": "648",
    "functionName": "_function_0x2e1a7d4d",
    "contract": "MAIN",
    "type": "Warning",
    "name": "Issue 1 name"
  }
]

The analysis should run in the background without blocking the UI (note that for complex contracts it can take up to a few minutes). Once the analysis is finished, the extension should highlight the lines of Solidity code that are affected by security issues, and list the issues in the “PROBLEMS” view or in an additional “SECURITY” view (if it's possible to add one).

Additional Information

  • Several Visual Studio Code extensions integrate solc, for example VSCode-Solidity. For the compilation part it might be possible to build on one of those extensions, or use them as a dependency.
  • Each issue reported by Mythril contains a “pcAddress” field. This is the program counter address at which the issue occurs. solc has a “srcmap-runtime” output option that contains a mapping of pc addresses to source code lines.
  • In general, it is helpful to understand the command line options and output formats of the solc compiler. By using the --combined-json argument, various types of output can be combined.
  • Note that the bytecode to be submitted is the runtime bytecode (bin-runtime).
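
The pcAddress-to-line lookup described in the list above, as an added example (not part of the original challenge statement or of Mythril): it decodes the runtime bytecode to turn a program counter into an instruction index, decompresses the srcmap-runtime string, and converts the resulting byte offset into a line number. The function names and the sample bytecode, source map and contract are constructed for illustration.

```javascript
// Added example. Sample data below is constructed, not real compiler output.
const SAMPLE_BIN = '60806040526100105600'; // PUSH1 PUSH1 MSTORE PUSH2 JUMP STOP
const SAMPLE_SRCMAP = '0:70:0:-;;;41:22;:::o;-1:-1:-1:-';
const SAMPLE_SOURCES = [
  'contract C {\n  function f() public {\n    msg.sender.transfer(1);\n  }\n}\n',
];

// Map each program-counter offset to its instruction index. PUSH1..PUSH32
// (0x60..0x7f) carry 1..32 immediate bytes that are data, not instructions.
function pcToInstructionIndex(binRuntimeHex) {
  const code = Buffer.from(binRuntimeHex.replace(/^0x/, ''), 'hex');
  const index = new Map();
  for (let pc = 0, i = 0; pc < code.length; i++) {
    index.set(pc, i);
    const op = code[pc];
    pc += (op >= 0x60 && op <= 0x7f) ? op - 0x5f + 1 : 1;
  }
  return index;
}

// Decompress srcmap-runtime: one "s:l:f:j" entry per instruction, separated
// by ';'. An empty or missing field repeats the previous entry's value.
function parseSrcmap(srcmap) {
  let prev = ['0', '0', '0', '-'];
  return srcmap.split(';').map((entry) => {
    const fields = entry.split(':');
    prev = prev.map((old, k) => (fields[k] ? fields[k] : old));
    return { start: Number(prev[0]), length: Number(prev[1]), file: Number(prev[2]) };
  });
}

// Resolve a Mythril pcAddress to { file, line } (line is 1-based). Returns null
// when the pc is not an instruction boundary, lies past the source map (e.g.
// trailing metadata bytes), or maps to compiler-generated code (file -1).
function locateIssue(pcAddress, binRuntimeHex, srcmap, sources) {
  const i = pcToInstructionIndex(binRuntimeHex).get(Number(pcAddress));
  const entry = i === undefined ? undefined : parseSrcmap(srcmap)[i];
  if (!entry || entry.file < 0 || !(entry.file in sources)) return null;
  // Source-map offsets count UTF-8 bytes, so count newlines in the byte buffer.
  const before = Buffer.from(sources[entry.file], 'utf8').subarray(0, entry.start);
  return { file: entry.file, line: before.reduce((n, b) => n + (b === 0x0a ? 1 : 0), 1) };
}

console.log(locateIssue('8', SAMPLE_BIN, SAMPLE_SRCMAP, SAMPLE_SOURCES)); // { file: 0, line: 3 }
```

In an extension, the returned line would feed the diagnostic range shown in the “PROBLEMS” view; a null result is better reported against the file as a whole than dropped.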


Blockchain Community

This challenge is delivered to you by the Topcoder Blockchain Community. Please check out and join the community if you have not done so already: it will help us bring you more blockchain-related challenges in the future.

Final Submission Guidelines

Submit a ZIP archive with the source code and an extension package (.vsix).


2018 Topcoder(R) Open


Final Review:

Community Review Board


User Sign-Off


ID: 30062676