0x v3 Smart Contract Testing Case Study

Executive Summary

On December 2nd 2019, the 0x v3 release went live. The release included a significantly more complex exchange environment. As such, 0x sought out MythX, along with ConsenSys Diligence to perform a manual security audit, to increase confidence in the correctness of the smart contract code.

MythX performed the following techniques in the 3.0 branch of the 0x monorepo:

  • Run MythX Pro to check each smart contract individually for bugs 
  • Execute fuzzing campaigns on a live multi-contract environment using the Harvey greybox fuzzer
  • Formally verify security and correctness properties of the smart contracts using symbolic execution and greybox fuzzing 

As a result:

  • 37 potential issues were detected by MythX Pro
  • 149 potential issues were detected by MythX’s extended greybox fuzzing campaign
  • 5 custom contract properties were verified through custom checks

Continuously verifying the code using MythX, including the custom checks built-in this project, was recommended to prevent regressions and new security issues.

Download the Case Study