Life after MythX: A Drop-in Solidity Security API

SmartScan — Tue, 21 Apr 2026 03:19:41 +0000

On March 31, 2026, Consensys shut down MythX — the Solidity security API that had quietly sat inside many teams' CI for 6+ years.

I was one of those devs. My side-project Hardhat repo had a yarn security script pointing at MythX. One day it 500'd, and that's how I found out.

I looked around for a replacement. The options:

Run Slither locally — powerful, but compiler pinning, Docker, and false-positive triage eat an afternoon per project.
SolidityScan — $29.99 per 1,000 LOC per month, which scales weirdly if you're scanning the same small contract often.
CertiK / OpenZeppelin Defender — enterprise audit pricing ($10k+), not built for "I just want to sanity-check my DAO's treasury contract before a weekend upgrade."

So I built SmartScan. One POST request, structured audit JSON back, Solidity 0.8.x today, more EVM languages on the roadmap.

What a scan looks like

Here's a classic reentrancy vulnerability to scan:

pragma solidity ^0.8.0;
contract VulnerableBank {
    mapping(address => uint) public balances;
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw() external {
        uint amount = balances[msg.sender];
        require(amount > 0);
        (bool success,) = msg.sender.call{value: amount}("");
        require(success);
        balances[msg.sender] = 0;
    }
}

Save it as VulnerableBank.sol, then scan it:

curl -X POST "https://smart-contract-security-scan.p.rapidapi.com/api/v1/scan/sync" \
  -H "Content-Type: application/json" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: smart-contract-security-scan.p.rapidapi.com" \
  -d "$(jq -n --rawfile src VulnerableBank.sol '{source_code:$src, contract_name:"VulnerableBank"}')"

Get back structured findings:

LLM-reasoned triage means you don't drown in warnings you'd have to filter by hand. A risk score 0–100 gives you a single number to gate CI on.

Pricing (no per-LOC weirdness)

Free — 1 scan / month, entry-tier model
Starter — $48.9 / 100 scans
Pro — $134.9 / 300 scans
Business — $399 / 1,000 scans

Or one-off $9.9 / scan on our API.market listing if you don't want a subscription.

Who this is for

Indie Solidity devs with 2–10 repos who can't justify $5k+ per audit
Hackathon teams needing a quick sanity check before demo day
Small DAOs doing routine upgrades

If you're an enterprise with a $100k/year security budget, this isn't for you — CertiK and Trail of Bits serve that market. SmartScan fills the MythX-shaped hole: API-first, cheap enough to not think about, accurate enough to trust.

Try it

Landing page: 👉 smartscan.dev

Or go straight to the free tier on RapidAPI (no credit card, 1 scan/month): SmartScan listing.

If you try it, DM me on Twitter @smartscan_dev — I'm collecting feedback from the first 10 real users and giving 3 months of Pro free in exchange for 3 sentences: what worked, what didn't, what you'd pay.

DEV Community: SmartScan

Life after MythX: A Drop-in Solidity Security API

What a scan looks like

Pricing (no per-LOC weirdness)

Who this is for

Try it