MCP Smart Contract Analyst

Instructions

Implementation Reference

• src/index.ts:109-167 (handler)

  Handler function: Fetches contract bytecode via viem, decompiles using external service, extracts JS source from HTML via regex, returns markdown prompt for analysis. Handles errors by returning failure message.
  async ({ address }) => { try { const bytecode = await publicClient.getCode({ address: address as `0x${string}`, }) console.debug("contract bytecode:", bytecode); const decompileUrl = process.env.DECOMPILE_URL; if (!decompileUrl) { throw new Error("DECOMPILE_URL not set."); } const formData = new FormData(); formData.append('bytecode', `${bytecode}`); const response = await fetch(decompileUrl, { method: 'POST', body: formData, }); if (!response.ok) { throw new Error(`API request failed with status ${response.status}`); } const html = await response.text(); const regex = /<div class="code javascript" style="border: 1px solid gray; padding: 0.5em; white-space: pre; font-family: monospace; line-height: 1.2">([\s\S]*?)<\/div>/; const match = html.match(regex); if (match) { const sourceCodeWithHtml = match[1]; const sourceCode = sourceCodeWithHtml.replace(/<[^>]*>/g, ''); return { content: [ { type: "text", text: `Analyze the decompiled source code of contract ${address}, including its core functionalities, main logic flow, and security aspects:\n\`\`\`\n${sourceCode}\n\`\`\` `, }, ], }; } else { throw new Error(`Failed to retrieve source code: ${html}`); } } catch (error) { console.error("Error getting contract bytecode:", error); return { content: [ { type: "text", text: `Failed to retrieve contract bytecode for address: ${address}. Error: ${error instanceof Error ? error.message : String(error) }`, }, ], }; } } );
• src/index.ts:106-108 (schema)

  Input schema: Zod validator for the 'address' parameter (string).
  { address: z.string().describe("Monad testnet address to analyze unverified contract for"), },
• src/index.ts:103-167 (registration)

  Registers the 'analyze-unverified-contract' tool using server.tool(), including name, description, input schema, and inline handler function.
  server.tool( "analyze-unverified-contract", "Analyze a unverified contract from an address on the Monad testnet.", { address: z.string().describe("Monad testnet address to analyze unverified contract for"), }, async ({ address }) => { try { const bytecode = await publicClient.getCode({ address: address as `0x${string}`, }) console.debug("contract bytecode:", bytecode); const decompileUrl = process.env.DECOMPILE_URL; if (!decompileUrl) { throw new Error("DECOMPILE_URL not set."); } const formData = new FormData(); formData.append('bytecode', `${bytecode}`); const response = await fetch(decompileUrl, { method: 'POST', body: formData, }); if (!response.ok) { throw new Error(`API request failed with status ${response.status}`); } const html = await response.text(); const regex = /<div class="code javascript" style="border: 1px solid gray; padding: 0.5em; white-space: pre; font-family: monospace; line-height: 1.2">([\s\S]*?)<\/div>/; const match = html.match(regex); if (match) { const sourceCodeWithHtml = match[1]; const sourceCode = sourceCodeWithHtml.replace(/<[^>]*>/g, ''); return { content: [ { type: "text", text: `Analyze the decompiled source code of contract ${address}, including its core functionalities, main logic flow, and security aspects:\n\`\`\`\n${sourceCode}\n\`\`\` `, }, ], }; } else { throw new Error(`Failed to retrieve source code: ${html}`); } } catch (error) { console.error("Error getting contract bytecode:", error); return { content: [ { type: "text", text: `Failed to retrieve contract bytecode for address: ${address}. Error: ${error instanceof Error ? error.message : String(error) }`, }, ], }; } } );