Docker system and Web3 tooling aggregator for Security Researchers
Web3 Tooling has increased over the years. While some significant steps have been made, there’s still more progress to be achieved.
Why did I build this? A brief introduction
Back in the day, as I began my journey in the web3 security space, Secureum included a chapter about tooling. At that time, I believed it was the holy grail of bug detection. Driven by that excitement, I experimented with various tools, including Trail of Bits tools using the eth-security-toolbox.
This was a user-friendly Docker machine with all necessary dependencies pre-installed, ensuring an easy setup with zero issues. Plus, it operated in isolation as a container, effectively separating work from personal activities and offering an easily replicable environment.
After that, more tools emerged, like Foundry. Unfortunately, some weren’t entirely compatible with the eth-security-toolbox. But after some workarounds, I managed to get everything I needed on my system!
Wait… is that a blue screen? Oh, god...
Well… it’s ok… Time to set up everything again! ^~^
So I had the pleasure of reinstalling everything, which for some unexpected reason, consumed a lot of time. Having to reinstall new tools or to install them in new computers struck me as inefficient. This led me to wonder:
Can I just have an easy to set environment with all set up beforehand? Or at least easy to set without doing research and dealing with bugs?
Auditor Toolbox Features
Link to the repository
Base Setup:
- Operating System: Ubuntu Jammy (22.04)
- Utilities: Git, Curl/wget, gawk/ripgrep, z3, pandoc, openssh-client, texlive, solidity plugins for Vim, etc.
- Ethereum dependencies.
Languages & Frameworks:
- Python: Version 3.9
- Rust: Comprehensive setup with Cargo
- Julia: Built-in support.
- Noir: Support for the Noir language (Nargo).
- Circom: Framework for zkSNARK circuits.
Web3 Tools for security:
It includes not only dependencies but tools from well known companies, developers and contributooors:
- Foundry as modular toolkit for Ethereum application development written in Rust. It includes: Forge, Anvil, Cast, and Chisel. Author Paradigm.
- Halmos for Symbolic Bounded Model Checker for Ethereum Smart Contracts Bytecode. Author a16z.
- Heimdall for advanced EVM smart contract toolkit specialized in bytecode analysis. Author Jon-Becker.
- Slither, Echidna, Medusa Fuzzer, Manticore, and Etheno, solc-select and crytic compile. Author Trail of Bits.
- Extra Slither detectors, specialized detectors for Slither. Author Pessimistic.io.
- Prover tool for symbolic analysis. Author Certora.
- Mythril for smart contract analysis. Author Consensys.
- Spearbit Report Generator, all needed dependencies to use the report generator in Spearbit audits
- Python developer kit: It includes Vyper, Ape-Vyper, Py-solc-x and pyevwasm, can be found in.
Package Management and Node:
- NVM: Node Version Manager to switch between different Node.js versions.
- Node: Long Term Support (LTS) version.
- Package Managers: npm, yarn, and pnpm.
VSCode Extensions:
- There is also an option in the installer to install the most common extensions for Security Researchers. Really useful for beginners or new installations.
Custom scripts:
- add2 / add2box: Shortcut to the installer which will do the whole installation for different tools without leaving the CMD.
- add2-update: Shorcut to the updater which will sync the scripts and templates folder with the latest version of them in the repo. This is for useful for fixes or to get the installer of a new tool.
- issue: For bug hunters mostly. Sometimes I was auditing some contest and I prefer to write first the issues locally, then submit them after reviewing all of them. The issue, is that the templates are different in the platforms, and sometimes you need to log in to get the template, so why not to run issue c4 or issue sh to create a Code4rena or Sherlock issue and open it in your editor instantly? It also have support for Spearbit and Codehawks templates.
- solc-docs --book: Downloads the latest solidity lang documentation and tries to open the pdf file.
For more info go to the table with all the features or to the references page in the wiki, where all the links to the packages are included.
Practical use cases and reasons
So I was in some random event talking with Cryptonicle and p_misirov about the idea “Is it really needed? Would people use it? What should include, what use cases would it have…”. In my case, it was a totally yes, so I looked for the reasons.
- Core dependencies and tools. Most of the tools and core dependencies are always installed, dealing with all of them in one installation creates a fast and nice user experience.
- Newbie friendly. Newcomers won’t need extensive research to find invaluable tools. Simplifying tool adoption for novices facilitates a deeper and faster immersion into the ecosystem.
- Plug and play, install it and feel free to start working in less than 10 minutes. You don’t need to bring your computer everywhere you go, you just need any computer and use this docker to have your setup ready for a random contest wherever you are.
- Time. Replication. Portability. It saves a lot of time not having to configure a system and removes a lot of worry about having issues in one computer as you can go to a secondary one and keep working.
- Capture the Flag. You can bring it into Capture the Flag competitions as it is fully equipped with standard tools. We can find compilers and decompilers, static analyzers, fuzzers, symbolic analysis, formal verification… users won’t need to do research for tools and installation, just to find their path to the solution!
What Makes an Effective Docker Machine?
In my quest to design a high-quality Docker machine, I gathered insights through introspection, discussions, and research:
- Tools: Packing essential tools and utilities expedites tasks and simplifies installations. This Docker machine’s hallmark is its comprehensive bundle that allows for auditing in a complete, testable environment in under 10 minutes.
- Convenience: Reduces the time and effort required to set up your working environment for audits.
- Flexibility: The base of the machine is a simple ubuntu 22:04 with a lot of packages installed to ease the configuration of later software that can be used. After that, all comes in the form of installer to install your needs, this installer will be updated with new features but it won’t break any base machine.
- Memory: Less is more. This is why it’s focused in the most commonly used tools to be integrated into the Dockerfile, while niche or memory-intensive tools are kept separate in the installer script.
- Consistency: The same Docker container will run identically on any machine. It’s the same if you are using Windows, MacOS, or Linux, it should always run the same.
- Open Source: Being open source allows transparency, easy customization and contributions by the community.
- Isolation: Containers provide isolation, ensuring that they do not interfere with each other or with the host system.
Next Steps
- Introduce niche versions tailored for zero knowledge, formal verification, symbolic execution, etc.
- Incorporate a toolkit for golang and associated golang tools.
- Elevate the user experience.
- Decrease certain installation durations.
- Launch a regular newsletter detailing the latest advancements.
- Regularly update versions as years progress.
Acknowledgments
A big shoutout to Cryptonicle and p_misirov for their continuous dialogue on potential features for the machine.
A hearty thank you to both of them and to eugenioclr for their invaluable help in testing and consistently spotting bugs that eluded me.
