If you've been using MythX for smart contract security analysis, you've likely already received the notice: MythX (ConsenSys Diligence) is shutting down on March 31, 2026. No more API access, no more CI scans, no more vulnerability reports after that date.
This post walks you through migrating to ContractScan — a free alternative that combines Slither static analysis, Semgrep pattern matching, and AI-powered vulnerability detection in a single scan.
What Happens to MythX on March 31?
MythX was a cloud-based smart contract analysis platform by ConsenSys Diligence. It offered symbolic execution and static analysis via a paid API. After March 31, 2026:
- All MythX API endpoints go offline
- Existing CI/CD pipelines using
mythx-clior the MythX SDK will fail - Paid subscriptions will no longer be honored
If you have active GitHub Actions, Hardhat plugins, or Truffle integrations built around MythX, they need to be replaced before March 31.
Why ContractScan Is a Strong MythX Alternative
| Feature | MythX | ContractScan |
|---|---|---|
| Static analysis | ✅ | ✅ Slither |
| Symbolic execution | ✅ | ✅ Mythril (optional) |
| Pattern-based detection | ❌ | ✅ Semgrep |
| AI-powered analysis | ❌ | ✅ Claude AI |
| Free tier | Limited | 3 scans/session, no sign-up |
| GitHub Action | ✅ | ✅ |
| Korean language reports | ❌ | ✅ |
| Self-hostable | ❌ | ✅ (open source) |
ContractScan runs multiple engines in parallel and synthesizes results into a single report with a security score, issue severity breakdown, and AI-generated remediation suggestions.
Quickstart: Scan Your First Contract
No account required. Visit contract-scanner.raccoonworld.xyz and paste your Solidity code directly, or scan by contract address.
For example, to scan the canonical reentrancy vulnerability:
pragma solidity ^0.8.0;
contract Vault {
mapping(address => uint) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
}
function withdraw() public {
(bool ok,) = msg.sender.call{value: balances[msg.sender]}("");
require(ok);
balances[msg.sender] = 0; // state updated AFTER external call — reentrancy bug
}
}
ContractScan will flag the reentrancy pattern, explain the exploit path, and suggest the Checks-Effects-Interactions fix — all in one report.
Replacing MythX in Your GitHub Actions CI/CD
If your workflow looks like this:
# OLD: MythX-based workflow (will break after March 31)
- name: Run MythX
uses: ConsenSys/mythx-github-action@v1.1
with:
mythx-api-key: ${{ secrets.MYTHX_API_KEY }}
Replace it with ContractScan's GitHub Action:
# NEW: ContractScan (no API key required for free tier)
- name: Run ContractScan
uses: contractscan/action@v1
with:
path: contracts/
fail-on: high
The fail-on parameter lets you set the minimum severity that triggers a CI failure — low, medium, high, or critical. This matches MythX's SWC-level severity model.
Migrating from the MythX Python SDK
If you used the MythX Python client directly:
# OLD: MythX SDK (deprecated)
from mythx_cli.client import Client
client = Client(api_key="...")
response = client.analyze(source_files={"Vault.sol": source})
ContractScan offers a Python-compatible MCP tool and a REST API:
# Scan via REST API (no auth required for free tier)
curl -X POST https://contract-scanner.raccoonworld.xyz/api/scan \
-H "Content-Type: application/json" \
-d '{"source": "pragma solidity ^0.8.0; contract Vault {...}"}'
Or use the ContractScan MCP server inside Claude Code:
Scan contracts/Vault.sol for security vulnerabilities using ContractScan.
What the ContractScan Report Looks Like
A typical scan result includes:
- Security Score (0–100): overall contract health
- Findings by severity: Critical / High / Medium / Low / Informational
- Per-issue details: affected lines, exploit description, SWC reference (compatible with MythX's taxonomy)
- AI remediation: concrete code fix suggestions from Claude AI
- PDF export: audit-ready report for client delivery
Paid Plans (Coming Soon)
ContractScan's free tier covers 3 scans per session with no sign-up. Paid plans with unlimited scans, team workspaces, and priority support are coming soon. If you're migrating a team or enterprise MythX subscription, reach out early — we're onboarding teams ahead of the paid launch.
Summary
MythX shutting down is disruptive, but migrating is straightforward:
- Immediately: replace MythX GitHub Action with ContractScan's action
- This week: test your contracts at contract-scanner.raccoonworld.xyz (free, no account needed)
- Before March 31: remove all
mythx-clior MythX SDK references from your pipeline
ContractScan combines the static analysis depth you relied on from MythX with AI-powered insights that catch logic-level vulnerabilities symbolic execution misses. And it's free to start today.
ContractScan is an open-source smart contract security scanner. Free tier: 3 scans/session, no sign-up. GitHub Action available.