U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Combinatorial Testing

Magic mirror vulnerability testing tool

MagicMirror is a white-box fuzzing tool written mainly in Python 3 for Solidity Smart Contracts. It supports the detection of 9 popular security vulnerabilities. It is easy to use and provides various informative reports as output. MagicMirror is fast and can generally achieve high code coverage on many contracts. MagicMirror utilizes techniques that include constraint solving, random test generation, random state exploration, coverage and data dependency guided fuzzing, and combinatorial testing. 

DOWNLOADS:  https://magic-mirror.gitbook.io/magicmi/

MagicMirror works on both Linux and Windows with minimal dependency requirements, as well as a Docker image that would work in any environment as long as Docker is supported. 


  • Detects 9 security vulnerabilities, e.g., reentrancy, exception disorder, and dangerous delegate call.

  • Achieve high code coverage on most contracts.

  • Fast transaction execution via production Geth EVM.

  • Supports contracts written with Solidity >= 0.4.0.

  • Multiplatform support, releases in Docker image, Windows executable, Linux executable. 

  • Automatic solc compiler version detection and switching. Users do not need to manually install and switch solc compilers. 

  • Geth EVM included and fully configured with a custom wrapper. Users do not need to configure EVM on their own. 

  • Informative coverage reports, detailed test cases for reproducing every detected vulnerability. 

Created May 24, 2016, Updated October 12, 2021