MythX (ConsenSys Diligence) shut down on March 31, 2026. If your team relied on MythX for smart contract security scanning, you're evaluating alternatives. This post compares ContractScan directly against what MythX offered, so you know exactly what you're getting.
What MythX Offered
MythX was a cloud-based security analysis platform that combined three analysis techniques:
- Static analysis — pattern-based vulnerability detection
- Symbolic execution (Harvey) — path-based formal analysis (MythX's core differentiator)
- Fuzzing (Scribble) — property-based testing
MythX's symbolic execution engine was its signature capability — it could reason about code paths that pure static analysis misses. The tradeoff: slower scan times and a subscription cost.
Feature-by-Feature Comparison
| Feature | MythX (pre-shutdown) | ContractScan |
|---|---|---|
| Static analysis | ✅ | ✅ Slither + Aderyn + Semgrep |
| Symbolic execution | ✅ Harvey | ✅ Mythril |
| Fuzzing | ✅ Scribble | ✅ Foundry Fuzz (Enterprise) |
| AI-powered analysis | ❌ | ✅ Full AI report |
| Free tier | ❌ Paid only | ✅ QuickScan free forever |
| API access | ✅ | ✅ Pro plan |
| CI/CD integration | ✅ | ✅ GitHub Actions workflow |
| Multi-file / zip upload | ✅ | ✅ |
| PDF report | ✅ | ✅ |
| SWC Registry mapping | ✅ | ✅ |
| DeFi hack intelligence | ❌ | ✅ Rekt.news + DeFiHackLabs |
| Audit report correlation | ❌ | ✅ Solodit + Code4rena + Sherlock |
| Price | $49-599/mo | Free / $4.99 / $59/mo |
Analysis Engine Comparison
Static Analysis
MythX used its own static analysis engine. ContractScan runs three independent static engines in parallel:
- Slither (Trail of Bits) — 250+ built-in detectors, widely adopted industry standard
- Aderyn (Cyfrin) — Rust-based, fast, focused on Solidity 0.8+
- Semgrep — pattern-based, highly customizable, catches code-quality and security issues
Running three engines improves coverage and reduces false negatives — what one engine misses, another may catch.
Symbolic Execution
MythX's Harvey was a proprietary symbolic execution engine. ContractScan uses Mythril — the open-source symbolic execution engine from ConsenSys that predated MythX and outlasted it. Mythril covers the same SWC vulnerability classes Harvey targeted.
AI Analysis
MythX had no AI analysis layer. ContractScan's AI engine reads the full contract and generates a structured report covering:
- Architectural risks and business logic flaws
- Vulnerabilities that pattern-based analysis can't detect
- DeFi-specific risks (flash loan attack surfaces, oracle manipulation vectors)
- Actionable remediation recommendations for each finding
The AI report is the most significant capability MythX didn't have.
Threat Intelligence
MythX scanned code in isolation — it had no knowledge of real-world exploits. ContractScan correlates findings against:
- Rekt.news — DeFi hack database
- DeFiHackLabs — root cause analysis database
- SWC Registry — Smart Contract Weakness Classification
- Solodit — aggregate of findings from major audit firms
- Code4rena — competitive audit findings
- Sherlock — audit findings with economic analysis
When ContractScan flags a reentrancy vulnerability, it can show you the specific exploits that used the same pattern — giving context that helps prioritize fixes.
Pricing Comparison
MythX pricing (before shutdown):
- Free: 3 scans/month, limited engines
- Developer: $49/mo
- Professional: $249/mo
- Enterprise: $599/mo
ContractScan pricing:
- Free (QuickScan): Unlimited — Slither + Semgrep, no AI report
- Pay-Per-Scan: $4.99/scan — all 5 engines + AI report
- Pro: $59/mo — unlimited scans, API, CI/CD
- Enterprise: Custom — Foundry Fuzz + team seats + SLA
ContractScan's pay-per-scan option has no equivalent in MythX — you don't need a subscription for occasional scanning.
CI/CD Integration
MythX had a GitHub Action and a Hardhat plugin. ContractScan has a documented GitHub Actions workflow that:
- Runs on every PR
- Blocks merge on Critical/High findings
- Posts results as PR comments
- Supports custom severity thresholds
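```yaml
# .github/workflows/security.yml
- name: ContractScan Security Check
  uses: actions/checkout@v3
- name: Run ContractScan
  run: |
    # Fail the step if curl fails anywhere in the pipeline, not only if jq does
    set -o pipefail
    curl --fail-with-body -X POST https://contract-scanner.raccoonworld.xyz/ci/scan \
      -H "X-API-Key: ${{ secrets.CONTRACTSCAN_API_KEY }}" \
      -F "files=@src/MyContract.sol" \
      -F "fail_on=High" \
      | tee scan_result.json
    # Require the grade to be present, so an error response cannot pass the check
    jq -e '.security_grade != null and .security_grade != "F"' scan_result.json
```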
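A merge gate built on `scan_result.json` should fail closed: a missing file, a non-JSON body or a response without `security_grade` has to block the merge rather than pass. The sketch below is an added example, not ContractScan's code. It assumes letter grades A to F (only the `security_grade` field and the value `F` appear in this post) and a hypothetical `worst_allowed` threshold.

```python
import json
import sys
from pathlib import Path

# Assumed grade scale, best to worst. Only "security_grade" and the value "F"
# appear in the post; the remaining letters are an assumption.
GRADE_ORDER = ["A", "B", "C", "D", "F"]


def gate(result_path, worst_allowed="D"):
    """Return (passed, reason). Anything unexpected counts as a failure."""
    if worst_allowed not in GRADE_ORDER:
        return False, f"invalid threshold {worst_allowed!r}"
    try:
        data = json.loads(Path(result_path).read_text(encoding="utf-8"))
    except OSError as exc:
        # Scan step never wrote a result: block instead of passing silently.
        return False, f"cannot read result: {exc}"
    except ValueError as exc:
        # Covers malformed JSON (e.g. an HTML error page) and bad encodings.
        return False, f"result is not valid JSON: {exc}"
    if not isinstance(data, dict):
        return False, "result is not a JSON object"
    grade = data.get("security_grade")
    if not isinstance(grade, str) or grade.upper() not in GRADE_ORDER:
        # An error body such as {"error": "..."} has no grade and must not pass.
        return False, f"missing or unknown security_grade: {grade!r}"
    if GRADE_ORDER.index(grade.upper()) > GRADE_ORDER.index(worst_allowed):
        return False, f"grade {grade} is worse than allowed {worst_allowed}"
    return True, f"grade {grade} accepted"


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "scan_result.json"
    ok, reason = gate(path)
    print(reason)
    sys.exit(0 if ok else 1)
```

Run as a workflow step after the scan, the script exits non-zero on any unreadable or ungraded result, which is what stops the merge.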
Migration Guide
If you were using MythX:
1. For occasional scanning: Use ContractScan's free QuickScan or Pay-Per-Scan ($4.99). No account needed — just upload your file.
2. For CI/CD integration: Sign up for Pro, generate an API key, and use the GitHub Actions guide.
3. For hardhat-plugin users: The hardhat-mythx plugin is dead. Use ContractScan's REST API directly or the curl-based CI workflow above.
4. For the scan reports: ContractScan generates structured JSON and PDF reports in a similar format to MythX. The AI report section is new and has no MythX equivalent.
What ContractScan Doesn't Have (Yet)
To be direct:
- Truffle plugin: No Truffle integration (Truffle itself is deprecated)
- Remix plugin: No Remix IDE plugin currently
- Scribble-style property annotations: ContractScan doesn't parse Scribble annotations for targeted property checking
If you relied heavily on Scribble for property-based testing, Foundry invariant testing is the community-recommended alternative — and ContractScan's Enterprise plan includes Foundry Fuzz integration.
Start Migrating
Free QuickScan — no account required →
Upload your Solidity file and get Slither + Semgrep results in under 30 seconds. Upgrade for full 5-engine analysis with AI report.
MythX shutdown announcement: ConsenSys Diligence ended MythX on March 31, 2026. The service is no longer accepting scans.
Important Notes
This post is for informational and educational purposes only. It does not constitute financial, legal, or investment advice. The security analysis provided is based on available data and automated tools, which may not capture all potential vulnerabilities. Always conduct a professional audit before deploying smart contracts.