MCP Smart Contract Analyst

Instructions

Implementation Reference

• src/index.ts:109-166 (handler)

  Handler function that retrieves bytecode from Monad testnet, decompiles it using an external service, extracts Solidity-like source code from HTML, and formats it for analysis including functionality, logic, and security.
  async ({ address }) => { try { const bytecode = await publicClient.getCode({ address: address as `0x${string}`, }) console.debug("contract bytecode:", bytecode); const decompileUrl = process.env.DECOMPILE_URL; if (!decompileUrl) { throw new Error("DECOMPILE_URL not set."); } const formData = new FormData(); formData.append('bytecode', `${bytecode}`); const response = await fetch(decompileUrl, { method: 'POST', body: formData, }); if (!response.ok) { throw new Error(`API request failed with status ${response.status}`); } const html = await response.text(); const regex = /<div class="code javascript" style="border: 1px solid gray; padding: 0.5em; white-space: pre; font-family: monospace; line-height: 1.2">([\s\S]*?)<\/div>/; const match = html.match(regex); if (match) { const sourceCodeWithHtml = match[1]; const sourceCode = sourceCodeWithHtml.replace(/<[^>]*>/g, ''); return { content: [ { type: "text", text: `Analyze the decompiled source code of contract ${address}, including its core functionalities, main logic flow, and security aspects:\n\`\`\`\n${sourceCode}\n\`\`\` `, }, ], }; } else { throw new Error(`Failed to retrieve source code: ${html}`); } } catch (error) { console.error("Error getting contract bytecode:", error); return { content: [ { type: "text", text: `Failed to retrieve contract bytecode for address: ${address}. Error: ${error instanceof Error ? error.message : String(error) }`, }, ], }; } }
• src/index.ts:106-108 (schema)

  Zod schema defining the input parameter 'address' as a string for the contract address on Monad testnet.
  { address: z.string().describe("Monad testnet address to analyze unverified contract for"), },
• src/index.ts:103-167 (registration)

  MCP server tool registration call, specifying name, description, input schema, and inline handler function.
  server.tool( "analyze-unverified-contract", "Analyze a unverified contract from an address on the Monad testnet.", { address: z.string().describe("Monad testnet address to analyze unverified contract for"), }, async ({ address }) => { try { const bytecode = await publicClient.getCode({ address: address as `0x${string}`, }) console.debug("contract bytecode:", bytecode); const decompileUrl = process.env.DECOMPILE_URL; if (!decompileUrl) { throw new Error("DECOMPILE_URL not set."); } const formData = new FormData(); formData.append('bytecode', `${bytecode}`); const response = await fetch(decompileUrl, { method: 'POST', body: formData, }); if (!response.ok) { throw new Error(`API request failed with status ${response.status}`); } const html = await response.text(); const regex = /<div class="code javascript" style="border: 1px solid gray; padding: 0.5em; white-space: pre; font-family: monospace; line-height: 1.2">([\s\S]*?)<\/div>/; const match = html.match(regex); if (match) { const sourceCodeWithHtml = match[1]; const sourceCode = sourceCodeWithHtml.replace(/<[^>]*>/g, ''); return { content: [ { type: "text", text: `Analyze the decompiled source code of contract ${address}, including its core functionalities, main logic flow, and security aspects:\n\`\`\`\n${sourceCode}\n\`\`\` `, }, ], }; } else { throw new Error(`Failed to retrieve source code: ${html}`); } } catch (error) { console.error("Error getting contract bytecode:", error); return { content: [ { type: "text", text: `Failed to retrieve contract bytecode for address: ${address}. Error: ${error instanceof Error ? error.message : String(error) }`, }, ], }; } } );
• src/index.ts:28-28 (registration)

  Server initialization declares 'analyze-unverified-contract' as one of the supported capabilities.
  capabilities: ["analyze-verified-contract", "analyze-unverified-contract"]