MIESC vs Competitors — Honest Head-to-Head¶
This document presents an honest comparison of MIESC against the most popular smart contract security tools. We measure findings count, execution time, and severity distribution on the same 5 vulnerable contracts.
Reproducibility: python benchmarks/competitor_comparison.py
Test Setup¶
- Contracts: 5 intentionally vulnerable (EtherStore, VulnerableDeFi, AccessControlFlaws, ReentrancyDAO, FlashLoanAttack)
- Environment: macOS ARM64 (Apple Silicon M5 Pro), 48GB RAM, Python 3.12
- Tool versions: Slither 0.11.3, Aderyn 0.6.x, Solhint 5.x, Echidna 2.3, MIESC 5.3.0
- MIESC mode:
miesc scan(Layer 1 + intelligence engine)
Quantitative Results (April 2026, v5.3.0)¶
| Tool | Raw findings | After intelligence | Time | Notes |
|---|---|---|---|---|
| Slither alone | 45 | — | 1.2s | Fast baseline, 100 detectors |
| Aderyn alone | 38 | — | 3.1s | Rust-based, Solidity 0.8+ only |
| MIESC (multi-tool) | 107 | 93 | 7.2s | Intelligence engine: ~13% noise reduction |
| Solhint | 0* | — | 3.7s | * Needs custom .solhint.json |
| Echidna | 0* | — | 0.6s | * Needs property contracts |
Key insight: MIESC's intelligence engine (v5.2.0+) takes 107 raw findings from Slither + Aderyn and produces 93 deduplicated, confidence-scored findings — each with a Bayesian confidence score, canonical category, and (for 34%) a copy-pasteable Solidity fix. The ~13% noise reduction comes from semantic deduplication (same vuln detected by both tools → 1 finding with higher confidence) and context-aware FP suppression.
Tunable strictness (v5.1.2+)¶
miesc scan contract.sol --fp-strictness off # Report everything
miesc scan contract.sol --fp-strictness low # Permissive
miesc scan contract.sol --fp-strictness medium # Default, balanced
miesc scan contract.sol --fp-strictness high # Aggressive for CI
EtherStore.sol by strictness: off=14, low=14, medium=11, high=9 findings.
Where MIESC is BETTER¶
1. Cross-tool validation¶
MIESC runs multiple tools and cross-validates findings. A reentrancy detected by both Slither and Aderyn has higher confidence than either tool alone.
2. Normalized output schema¶
All findings have unified format: {type, severity, location, swc_id, recommendation}. Slither/Aderyn each have their own JSON format that requires custom parsing.
3. AI insights per finding¶
Each finding includes plain-English llm_insights explaining business impact (when Ollama is running). No competitor offers this out-of-the-box.
4. Multiple report formats¶
- JSON (for tooling)
- Markdown (for PRs)
- PDF (for clients) — competitor tools don't have this
- SARIF (for GitHub Security)
- CSV (for spreadsheets)
5. Real-world exploit recall¶
On 11 historical DeFi exploits ($1.59B in combined losses), MIESC achieves 81.8% recall (Cohen's κ = 0.77) — higher than any single tool measured in Durieux et al. ICSE 2020 (best single tool: Slither 43.2%). On SmartBugs-curated (143 contracts), static + intelligence engine achieves 95.8% recall (137/143; reproducible Paper 1 profile), with a local Ollama follow-up reported at 97.9% (140/143) as a secondary claim.
6. Defense-in-depth¶
9 complementary layers (static, symbolic, fuzzing, formal verification, AI/LLM, pattern detection, DeFi-specific, exploit validation, consensus). No single competitor covers all of these.
7. Production-ready integrations¶
- GitHub Action with SARIF upload
- Docker images (multi-arch)
- Pre-built reports with CVSS, risk matrix, remediation roadmap
- MCP server (Model Context Protocol) for Claude Desktop integration
Where MIESC is WORSE¶
1. Speed: 5.6x slower than Slither alone (was 200x in v5.1.0)¶
MIESC: 8.5s vs Slither: 1.5s for 5 contracts.
What we improved (v5.1.2): - Made LLM enhancement opt-in per adapter (was auto-running 5 calls × 8s = 40s overhead) - Parallelized QUICK_TOOLS in scan command (ThreadPoolExecutor) - Removed Mythril from quick scan (90s/contract, opt-in via audit full)
What's left: - Lazy-load LLM/RAG/ChromaDB only when --llm-interpret is used - Reduce remaining adapter import overhead
For sub-second feedback, use Slither directly. Use MIESC when you need cross-tool consensus, normalized output, or AI-enhanced reports.
2. Aggressive false positive filtering¶
Slither raw output: 14 findings on VulnerableDeFi.sol. MIESC reports 4 (after FP filter).
The FP filter removes informational findings (e.g., solc-version, naming conventions) but may also drop real findings. Addressed in v5.1.2+ with --fp-strictness {off,low,medium,high} flag.
3. Fewer detectors than Slither alone¶
- Slither: 100+ built-in detectors
- Aderyn: 50+ detectors
- MIESC: uses Slither + Aderyn + 22 internal modules, but the internal modules don't cover the full Slither detector set
4. Heavier dependencies¶
MIESC requires: - Python 3.12+ - Multiple analysis tools (Slither, Aderyn, optionally Mythril) - Ollama for LLM features (~10-20GB models) - WeasyPrint for PDF generation (system libraries)
Slither: just pip install slither-analyzer.
5. No formal verification¶
- Certora Prover: Mathematical proofs (gold standard)
- Halmos / Foundry symbolic: Symbolic property testing
- MIESC: Has SMTChecker integration but doesn't generate property specs
Where MIESC is EQUAL¶
1. Open-source license¶
MIESC: AGPL-3.0. Same as Slither, Echidna, Halmos, Manticore.
2. Single-chain focus¶
MIESC: Solidity + experimental support for Vyper, Move, Solana, NEAR. Most competitors: Solidity-only. Certora: Best multi-chain (EVM + Solana + Stellar).
3. False positive rate¶
All static analysis tools have FP rates of 80-90%+ (recall-focused). MIESC's RAG-enhanced filter brings this down for known-safe patterns but is far from perfect.
When to Use What¶
| Use case | Recommended tool |
|---|---|
| Quick PR check (under 5s) | Slither alone |
| Pre-deploy comprehensive audit | MIESC audit full |
| Fuzzing with properties | Echidna or Medusa |
| Symbolic execution on bytecode | Mythril |
| Symbolic property verification | Halmos |
| Mathematical proofs | Certora (commercial) |
| Multi-tool report for clients | MIESC with PDF output |
| CI/CD integration | MIESC GitHub Action or Slither |
| Real-world exploit detection | MIESC (81.8% recall) |
Iterative Improvements (Shipped + Roadmap)¶
Shipped in v5.1.2–v5.3.1: 1. ✅ FP filter tuning: --fp-strictness {off,low,medium,high} flag 2. ✅ Multi-chain: Native support for Move, Cairo, Solana (77 vuln types) 3. ✅ Formal verification: miesc specs generates CVL/Scribble/SMTChecker 4. ✅ Intelligence engine: ~30% noise reduction, semantic dedup, fix-code generation 5. ✅ Automated remediation: miesc fix (Paper 2 on SmartBugs-curated: 123/143 fixes applied, 123/123 compile standalone, 86/123 eliminate the finding on re-scan, 121/123 no-regression)
Remaining after v5.4.x: 1. Speed: Lazy-load LLM/RAG/ChromaDB (currently imported on every command) 2. Foundry test gen: Auto-generate failing tests from exploit_scenario 3. Empirical calibration: Replace educated-guess tool weights with measured precision
Sources¶
- Tool benchmarks:
benchmarks/results/competitor_comparison_*.json - SmartBugs evaluation:
benchmarks/results/SMARTBUGS_SCIENTIFIC_REPORT.md - Real exploit evaluation:
benchmarks/evaluate_exploits.py - Academic baseline: Durieux et al., ICSE 2020
Last updated: April 23, 2026 | Run python benchmarks/competitor_comparison.py to reproduce.