auditContract
Analyze and audit Ethereum smart contracts for vulnerabilities and compliance by inputting contract address and chain details via the ethereum-tools MCP server.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| address | Yes | ||
| chain | No | eth |
Implementation Reference
- tools/audit.js:26-52 (handler)Core handler logic for the 'auditContract' tool. Creates Web3 instance, calls analyzeAddress helper, formats results into MCP content response, and handles errors gracefully.async ({ address, chain }) => { try { // Use the web3 instance from the environment variable or default public node console.error('Creating Web3 instance with URL:', process.env.ETH_RPC_URL); const web3 = new Web3(process.env.ETH_RPC_URL || 'https://eth.llamarpc.com'); // Perform the contract analysis console.error('Analyzing address:', address); const result = await analyzeAddress(web3, address); // Format the output for MCP response return { content: [{ type: "text", text: formatAnalysisResults(result) }] }; } catch (error) { console.error('Error in auditContract:', error); return { content: [{ type: "text", text: `Error analyzing contract: ${error.message}` }] }; } }
- tools/audit.js:22-25 (schema)Zod input schema validating 'address' as a 42-character hex Ethereum address starting with 0x, and optional 'chain' defaulting to 'eth'.{ address: z.string().regex(/^0x[a-fA-F0-9]{40}$/, "Invalid Ethereum address"), chain: z.string().optional().default("eth") },
- tools/audit.js:19-55 (registration)Module-level registration function exported as registerAuditTool(server), which calls server.tool to add 'auditContract' with schema and inline handler to MCP server.export function registerAuditTool(server) { console.error('Registering audit tool...'); server.tool("auditContract", { address: z.string().regex(/^0x[a-fA-F0-9]{40}$/, "Invalid Ethereum address"), chain: z.string().optional().default("eth") }, async ({ address, chain }) => { try { // Use the web3 instance from the environment variable or default public node console.error('Creating Web3 instance with URL:', process.env.ETH_RPC_URL); const web3 = new Web3(process.env.ETH_RPC_URL || 'https://eth.llamarpc.com'); // Perform the contract analysis console.error('Analyzing address:', address); const result = await analyzeAddress(web3, address); // Format the output for MCP response return { content: [{ type: "text", text: formatAnalysisResults(result) }] }; } catch (error) { console.error('Error in auditContract:', error); return { content: [{ type: "text", text: `Error analyzing contract: ${error.message}` }] }; } } ); console.error('Audit tool registered successfully'); }
- main.js:63-63 (registration)Explicit call to registerAuditTool in main server initialization, adding the auditContract tool to the MCP server instance.registerAuditTool(server);
- tools/audit.js:63-154 (helper)Primary helper function performing detailed Ethereum address analysis: contract detection, Etherscan verification, bytecode/source/ABI retrieval, standard detection, and basic security scanning.async function analyzeAddress(web3, address) { try { // Validate address if (!web3.utils.isAddress(address)) { throw new Error('Invalid Ethereum address format'); } // Clean and format the address const formattedAddress = web3.utils.toChecksumAddress(address); // Step 1: Check if address is a contract const isContract = await checkIfContract(web3, formattedAddress); let result = { address: formattedAddress, isContract: isContract, isVerified: false, contractName: null, contractCreator: null, creationTx: null, creationTimestamp: null, contractCode: null, sourceCode: null, abi: null, error: null }; // If not a contract, return early if (!isContract) { result.error = 'Address is not a contract'; // Check ETH balance const balance = await web3.eth.getBalance(formattedAddress); result.ethBalance = web3.utils.fromWei(balance, 'ether'); // Check transaction count const txCount = await web3.eth.getTransactionCount(formattedAddress); result.transactionCount = txCount; return result; } // Get creation info const creationInfo = await getContractCreationInfo(formattedAddress); if (creationInfo) { result.contractCreator = creationInfo.contractCreator; result.creationTx = creationInfo.txHash; result.creationTimestamp = creationInfo.timestamp; } // Step 2: Check if contract is verified on Etherscan const verificationInfo = await checkIfVerified(formattedAddress); result.isVerified = verificationInfo.isVerified; // Get bytecode regardless of verification status const bytecode = await web3.eth.getCode(formattedAddress); result.contractCode = bytecode; // Step 3: If verified, get contract code and ABI if (verificationInfo.isVerified) { result.sourceCode = verificationInfo.sourceCode; result.contractName = verificationInfo.contractName; result.abi = verificationInfo.abi; // Check contract interfaces/standards (ERC20, ERC721, etc.) result.standards = await detectContractStandards(formattedAddress, verificationInfo.abi); } else { result.error = 'Contract is not verified on Etherscan'; // Attempt to detect contract type from bytecode result.probableType = await detectContractTypeFromBytecode(bytecode); } // Add security analysis if verified (basic heuristics) if (verificationInfo.isVerified && verificationInfo.sourceCode) { result.securityAnalysis = analyzeContractSecurity(verificationInfo.sourceCode); } return result; } catch (error) { console.error('Error analyzing address:', error); return { address: address, isContract: false, isVerified: false, contractCode: null, sourceCode: null, error: error.message }; } }