If you've been using MythX for smart contract security analysis, the deadline has passed: MythX (ConsenSys Diligence) officially shut down on March 31, 2026. API access is offline, and existing scans no longer function.
This post walks you through migrating to ContractScan — a free alternative that combines Slither static analysis, Semgrep pattern matching, and AI-powered vulnerability detection in a single scan.
MythX Is Now Offline
MythX was a cloud-based smart contract analysis platform by ConsenSys Diligence. As of April 1, 2026:
- All MythX API endpoints are offline
- Existing CI/CD pipelines using
mythx-clior the MythX SDK are failing - Paid subscriptions are no longer active
If you have active GitHub Actions or Hardhat plugins built around MythX, they need to be replaced immediately.
Why ContractScan Is a Strong MythX Alternative
| Feature | MythX | ContractScan |
|---|---|---|
| Static analysis | ✅ | ✅ Slither |
| Symbolic execution | ✅ | ✅ Mythril (optional) |
| Pattern-based detection | ❌ | ✅ Semgrep |
| AI-powered analysis | ❌ | ✅ Claude AI |
| Free tier | Limited | Unlimited QuickScan, no sign-up |
| CI/CD integration | ✅ | ✅ (Pro plan) |
ContractScan runs multiple engines in parallel and synthesizes results into a single report with a security score, issue severity breakdown, and AI-generated remediation suggestions.
Quickstart: Scan Your First Contract
No account required. Visit contract-scanner.raccoonworld.xyz and paste your Solidity code directly, or scan by contract address.
For example, to scan the canonical reentrancy vulnerability:
pragma solidity ^0.8.0;
contract Vault {
mapping(address => uint) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
}
function withdraw() public {
(bool ok,) = msg.sender.call{value: balances[msg.sender]}("");
require(ok);
balances[msg.sender] = 0; // state updated AFTER external call — reentrancy bug
}
}
ContractScan will flag the reentrancy pattern, explain the exploit path, and suggest the Checks-Effects-Interactions fix — all in one report.
Replacing MythX in Your GitHub Actions CI/CD
The fastest free replacement for MythX in CI is Slither via the official GitHub Action:
# FREE: Slither static analysis (replaces MythX static layer)
- name: Run Slither
uses: crytic/slither-action@v0.4.0
with:
target: 'contracts/'
Slither is the open-source static analyzer from Trail of Bits that MythX was partially built on. It catches most of the same vulnerability patterns.
ContractScan CI API (Paid Plans)
For teams that want Slither + AI analysis + multi-engine scanning in CI, ContractScan offers a CI/CD API on paid plans:
# ContractScan CI scan (requires Pro/Enterprise API key)
- name: Run ContractScan
run: |
curl -X POST https://contract-scanner.raccoonworld.xyz/ci/scan \
-F "file=@contracts/MyContract.sol" \
-H "X-Api-Key: ${{ secrets.CONTRACTSCAN_API_KEY }}" \
--fail-with-body
The CI endpoint returns structured JSON with severity levels (low, medium, high, critical), matching MythX's SWC-level severity model. Use the response to fail your pipeline on findings above your threshold.
You can also scan contracts for free on the web UI — unlimited QuickScans, no account needed.
Migrating from the MythX Python SDK
If you used the MythX Python client directly:
# OLD: MythX SDK (deprecated)
from mythx_cli.client import Client
client = Client(api_key="...")
response = client.analyze(source_files={"Vault.sol": source})
ContractScan offers a Python-compatible MCP tool and a REST API:
# Scan via REST API (no auth required for free tier)
curl -X POST https://contract-scanner.raccoonworld.xyz/api/scan \
-H "Content-Type: application/json" \
-d '{"source": "pragma solidity ^0.8.0; contract Vault {...}"}'
Or use the ContractScan MCP server inside Claude Code:
Scan contracts/Vault.sol for security vulnerabilities using ContractScan.
What the ContractScan Report Looks Like
A typical scan result includes:
- Security Score (0–100): overall contract health
- Findings by severity: Critical / High / Medium / Low / Informational
- Per-issue details: affected lines, exploit description, SWC reference (compatible with MythX's taxonomy)
- AI remediation: concrete code fix suggestions from Claude AI
- PDF export: audit-ready report for client delivery
Pricing
ContractScan's free tier offers unlimited QuickScans with no sign-up. For full multi-engine scans (Slither + Mythril + Semgrep + AI), upgrade to Pro at $59/mo or use Pay-per-scan at $11.90/scan. See the pricing page for details.
Summary
MythX shutting down is disruptive, but migrating is straightforward:
- Immediately: replace MythX GitHub Action with ContractScan's action
- This week: test your contracts at contract-scanner.raccoonworld.xyz (free, no account needed)
-
Before March 31: remove all
mythx-clior MythX SDK references from your pipeline
ContractScan combines the static analysis depth you relied on from MythX with AI-powered insights that catch logic-level vulnerabilities symbolic execution misses. And it's free to start today.
ContractScan is a smart contract security scanner. Free tier: unlimited QuickScans, no sign-up. CI/CD API and VS Code extension coming soon.
Try ContractScan free at contract-scanner.raccoonworld.xyz
Top comments (0)