Matildapp: A framework for Web3 environments in the field of cybersecurity and pentesting
Matildapp
In our modern, interconnected world, the concept of Web3, also known as the decentralized web, represents the next significant shift in Internet technology. Web3, underpinned by blockchain technology and smart contracts, offers unprecedented possibilities for decentralization, transparency, and user sovereignty. However, with these new possibilities come new challenges – one of the most crucial is security. Web3’s decentralized nature eliminates the central points of failure typical of Web2 applications, leading many to view it as inherently more secure. However, the security dynamics of Web3 are different, and a unique set of vulnerabilities has emerged. The secure design, development, and operation of Web3 applications and platforms have become crucial skills in a rapidly evolving digital landscape. It is no longer sufficient to build on top of blockchain technologies; developers, cybersecurity professionals, and even end users must grasp the principles of securing these systems.
‘Matildapp’ (Multi Analysis Toolkit -by IdeasLocas- on DAPPs) is an Open Source project providing a framework for Web3 environments in the field of cybersecurity and pentesting. The tool offers modules to interact with different types of blockchains and to conduct SAST and DAST evaluations of potential vulnerabilities in smart contracts. The tool is designed to be modular, allowing new modules and functionalities to be added.
Prerequisites
‘Matildapp’ is written in Python and uses Web3 libraries such as pyweb3 and py-solc-x. Version management of these libraries is crucial, as is the Python version used. The tool has been tested in a Python 3.10.14 environment with pyweb3 version 5.31.4 and py-solc-x version 2.0.2. Other versions of Python or of these libraries could cause issues that prevent the tool from running correctly.
The dependencies listed in the requirements.txt file should be installed the first time the tool is started, using pip install -r requirements.txt. Again, the pip used should belong to a tested Python version such as 3.10.14.
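Because the page stresses that the tested Python and library versions matter, the following added example (not part of Matildapp) checks a requirements.txt body and the running interpreter against those tested versions before the tool is started. It assumes the pip distribution names are "pyweb3" and "py-solc-x" exactly as the text writes them.

```python
# Added example (not part of Matildapp): verify interpreter and library versions.
import sys
from importlib import metadata

# Versions the page reports as tested. The pip distribution names are assumed
# to be "pyweb3" and "py-solc-x" as written in the text.
TESTED_PYTHON = (3, 10, 14)

def parse_pins(requirements_text):
    """Parse a requirements.txt body into {name: version}; entries without an
    exact '==' pin map to None so they can be flagged as non-reproducible."""
    pins = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if "==" in line:
            name, version = line.split("==", 1)
            pins[name.strip().lower()] = version.strip()
        else:  # ">=", "<", "~=" or bare name: resolution is not reproducible
            name = line.split(">=")[0].split("<")[0].split("~=")[0]
            pins[name.strip().lower()] = None
    return pins

def installed_versions(names):
    """Look up installed distribution versions; missing ones map to None."""
    found = {}
    for name in names:
        try:
            found[name] = metadata.version(name)
        except metadata.PackageNotFoundError:
            found[name] = None
    return found

def find_drift(pins, installed, python_version=sys.version_info[:3]):
    """Return a list of problems: interpreter mismatch, unpinned entries,
    missing packages and version mismatches (empty list means all match)."""
    problems = []
    if tuple(python_version) != TESTED_PYTHON:
        problems.append("python %s != tested %s" % (
            ".".join(map(str, python_version)), ".".join(map(str, TESTED_PYTHON))))
    for name, wanted in pins.items():
        have = installed.get(name)
        if wanted is None:
            problems.append("%s is not pinned with ==" % name)
        elif have is None:
            problems.append("%s is not installed (want %s)" % (name, wanted))
        elif have != wanted:
            problems.append("%s %s != pinned %s" % (name, have, wanted))
    return problems
```

Run it against the real file with pins = parse_pins(open("requirements.txt").read()) and print find_drift(pins, installed_versions(pins)); an empty list means the environment matches the pins.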
For working in a blockchain test environment, it is also necessary to have a utility that provides this service. Tools like Ganache or Hardhat can be used for this purpose.