This security assessment was conducted on the Maldo platform, a decentralized marketplace that connects service providers with clients through blockchain-based smart contracts. The platform enables gasless transactions, reputation tracking, and secure deal execution with escrow protection.
The security review covered three main components:
maldo-contracts/: Solidity contracts managing the core marketplace functionality, including user registration, service listings, deal creation, ratings, and a badge-based reputation system. The contracts integrate with Kleros escrow for dispute resolution.
marketplace_back/: Node.js/Express backend providing REST API endpoints for user management, service channels, proposals, and blockchain integration. It uses MongoDB for persistence and integrates with various third-party services.
wallets-api/: Account Abstraction service implementing the ERC-4337 standard to enable gasless transactions for end users. It manages domain-based smart accounts and interfaces with the Pimlico bundler infrastructure.
Our review combined manual code analysis, automated tooling, architecture evaluation, and threat modeling to identify security vulnerabilities, design weaknesses, and opportunities for improvement across the entire stack.
This report is structured into the following sections: