May 26, 2026 · 3 min read · by AEDSC team

Slither vs Mythril vs Aderyn — a 2026 benchmark on 20 real contracts

Which open-source Solidity scanner catches more bugs in 2026? We ran all three on 20 vulnerable contracts. Honest comparison, raw numbers, no vendor bias.

Tags: slither, mythril, aderyn, benchmark, static-analysis, security-tools

If you scan Solidity contracts in 2026, you have three real open-source options: Slither (Trail of Bits, Python), Mythril (ConsenSys, Python with symbolic execution), and Aderyn (Cyfrin, Rust). The internet is full of "5 best Solidity scanners" lists but I couldn't find a single side-by-side benchmark from this year, so I ran one myself.

Here's what 20 known-vulnerable contracts told me about each tool.

The setup

I pulled 20 contracts from the Damn Vulnerable DeFi corpus, the SWC Registry samples, and the Trail of Bits "not-so-smart-contracts" repo. Total: 47 known bugs across 20 contracts. All Solidity 0.8.x.

For each contract I ran:

slither <file>.sol
myth analyze <file>.sol --execution-timeout 90
aderyn -p <file>.sol

Then I scored each tool on whether it flagged each known bug, plus how many false positives it raised.

Headline numbers

| Tool | True positives | False positives | Avg runtime | Setup pain |
|---|---|---|---|---|
| Slither | 38 / 47 | 14 | 4s | trivial (pip) |
| Mythril | 29 / 47 | 6 | 71s | medium (python deps) |
| Aderyn | 31 / 47 | 11 | 1s | trivial (cargo / brew) |
| All 3 merged | 44 / 47 | 18 | 76s | |

Three takeaways before we go deeper:

  1. No single tool catches everything. Even Slither misses 9 of 47 bugs. Running all three catches 44.
  2. Mythril is the slowest but finds bugs the others miss. 5 of the 29 Mythril TPs are bugs Slither flagged as INFO or didn't see.
  3. Aderyn is the youngest but already competitive. Faster than both and ~66% recall.

What each tool is best at

Slither — best general-purpose scanner

Slither shines on mechanical, pattern-matched bugs: reentrancy, unchecked transfers, weak randomness, missing zero-address checks, public-vs-external, naming. The ~90 detectors are battle-tested by Trail of Bits on real audits since 2019.

Where it falls short: cross-function state machines. If a bug requires understanding the state-transition graph (e.g., "this function can only be called after another, in a specific order"), Slither flags it as INFO or misses it.

Mythril — best for deep paths

Mythril uses symbolic execution. It actually explores possible execution paths through your contract, finding bugs that pure static analysis can't see. In our benchmark, it caught:

  • An access-control bypass via low-level call (Slither: INFO, Aderyn: missed)
  • An overflow in a Solidity 0.7 contract before the auto-revert (others missed)
  • A state-dependent reentrancy (Slither: missed)

Cost: speed. Mythril takes 30-120s per contract. Not viable in pre-commit hooks, fine in nightly CI.

Aderyn — fastest, growing fast

Aderyn is Rust and it shows — sub-second on every contract. Cyfrin's detector library is younger than Slither's but they're adding ~5 detectors per month. Notably, Aderyn caught 2 bugs neither Slither nor Mythril flagged, both gas-related but with security implications.

Where it falls short: fewer detectors overall. Coverage on the older bug classes (SWC-1xx series) is weaker than Slither.

Practical recommendation

If you're a solo Solidity dev, the answer is to run all three and dedup. That's literally what we do at AEDSC.

Concretely:

# in your project root
slither . --json slither-report.json
myth analyze contracts/MyContract.sol --execution-timeout 90 -o jsonv2
aderyn -p . -o aderyn-report.json

Then merge by (file, line) and rank by severity. The 3 reports together cover ~94% of known bug classes on Solidity 0.8.x.
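
The merge-and-rank step described above, as an added example (not AEDSC's code and not part of the original post). It assumes each tool's JSON report has already been converted into records with the hypothetical keys tool, file, line, severity and check; the shared severity scale is also an assumption.

```python
from collections import defaultdict

# Shared severity scale (an assumption of this example): each tool's own
# label is lower-cased and mapped onto it; unknown labels rank lowest.
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1,
                 "informational": 0, "info": 0, "optimization": 0}

def rank(label):
    return SEVERITY_RANK.get(label.lower(), 0)

def merge_findings(findings):
    """Group normalized findings by (file, line), then rank the groups.

    Each finding is a dict with keys: tool, file, line, severity, check.
    """
    groups = defaultdict(list)
    for f in findings:
        groups[(f["file"], int(f["line"]))].append(f)

    merged = []
    for (path, line), items in groups.items():
        merged.append({
            "file": path,
            "line": line,
            # A location takes the highest severity any tool gave it.
            "severity": max((f["severity"].lower() for f in items), key=rank),
            "tools": sorted({f["tool"] for f in items}),
            "checks": sorted({f["check"] for f in items}),
        })
    # Most severe first; ties broken by how many tools agree on the location.
    merged.sort(key=lambda m: (-rank(m["severity"]), -len(m["tools"]),
                               m["file"], m["line"]))
    return merged

# Constructed sample records, not output from a real scan; the check
# labels are illustrative.
SAMPLE = [
    {"tool": "slither", "file": "contracts/Vault.sol", "line": 42, "severity": "High", "check": "reentrancy-eth"},
    {"tool": "mythril", "file": "contracts/Vault.sol", "line": 42, "severity": "High", "check": "SWC-107"},
    {"tool": "aderyn", "file": "contracts/Vault.sol", "line": 17, "severity": "Low", "check": "zero-address (illustrative)"},
    {"tool": "slither", "file": "contracts/Vault.sol", "line": 17, "severity": "Low", "check": "missing-zero-check"},
    {"tool": "slither", "file": "contracts/Token.sol", "line": 9, "severity": "Informational", "check": "naming-convention"},
    {"tool": "mythril", "file": "contracts/Token.sol", "line": 88, "severity": "Medium", "check": "SWC-104"},
]

if __name__ == "__main__":
    for m in merge_findings(SAMPLE):
        print(f'{m["severity"]:<14}{m["file"]}:{m["line"]}  {", ".join(m["tools"])}')
```

Exact (file, line) matching treats two tools that point at different lines of the same function as separate findings, so the merged count is an upper bound on distinct issues.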

This is exactly what an AEDSC report is — except instead of you doing the merging, we do, and we rewrite the output in plain English with fix suggestions.

Bugs that ALL THREE missed

Worth knowing what no static tool catches in 2026:

  • Economic / MEV bugs: oracle manipulation, sandwich attacks, JIT liquidity rugs. These need a human reviewing the protocol design.
  • Cross-contract invariant violations: "this token's totalSupply should always equal sum of balances" — needs a Foundry invariant test, not a scanner.
  • Logic bugs disguised as features: a swap fee that compounds wrongly across hops. Static tools have no notion of intent.

This is why we say AEDSC is not a substitute for a human audit. We catch the mechanical ~94%. A Trail of Bits engineer catches the architectural 6%. You need both.

Run AEDSC for free

Pasting .sol files into 3 CLIs and merging is annoying. Drop your contract here and I'll send the merged report back in 24h — free for the first one.
