Skip to main content
Glama
lordbasilaiassistant-sudo

base-security-scanner-mcp

by lordbasilaiassistant-sudo
OverviewSchemaRelated ServersScoreDiscussions
JavaScript

audit_report

Generate a comprehensive security audit report for Base mainnet tokens by analyzing contract code, honeypot risks, rug pull potential, bytecode, and permissions in one consolidated assessment.

Instructions

Generate a full security audit report for a token on Base mainnet. Combines contract scan, honeypot check, rug risk score, bytecode analysis, and permission checks into one comprehensive report.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
token_addressYesToken contract address on Base mainnet

Implementation Reference

  • src/index.ts:971-1093 (handler)
    The handler logic for the 'audit_report' tool, which performs a full security audit of a contract on Base mainnet.
    server.tool(
  "audit_report",
  "Generate a full security audit report for a token on Base mainnet. Combines contract scan, honeypot check, rug risk score, bytecode analysis, and permission checks into one comprehensive report.",
  {
    token_address: z.string().describe("Token contract address on Base mainnet"),
  },
  async ({ token_address }) => {
    try {
      const code = await getContractBytecode(token_address);
      if (code === "0x" || code.length <= 2) {
        return ok({
          token: token_address,
          isContract: false,
          report: "Address is not a contract. Cannot generate audit report.",
        });
      }

      // Run all checks in parallel
      const [
        contractInfo,
        tokenMeta,
        ownership,
        honeypot,
        rugResult,
        liquidity,
      ] = await Promise.all([
        getBasicContractInfo(token_address),
        getTokenMetadata(token_address),
        checkOwnership(token_address),
        simulateHoneypot(token_address),
        computeRugScore(token_address),
        findLiquidityPair(token_address),
      ]);

      const selectors = extractSelectors(code);
      const { findings, riskCounts } = analyzeSelectorRisks(selectors);
      const opcodes = analyzeOpcodes(code);
      const contractTypes = identifyContractType(selectors);

      // Permission summary
      const dangerousSelectors = findings.filter(f => f.risk === "critical" || f.risk === "high");
      const permissionSummary = dangerousSelectors.length === 0
        ? "No dangerous owner permissions detected"
        : `${dangerousSelectors.length} dangerous permission(s): ${dangerousSelectors.map(f => f.name).join(", ")}`;

      // Overall risk
      let overallRisk = "LOW";
      if (rugResult.score >= 70 || honeypot.isHoneypot) overallRisk = "CRITICAL";
      else if (rugResult.score >= 50) overallRisk = "HIGH";
      else if (rugResult.score >= 30) overallRisk = "MEDIUM";

      // Build recommendations
      const recommendations: string[] = [];
      if (ownership.hasOwner && !ownership.isRenounced) {
        recommendations.push("Request ownership renouncement or verify owner identity");
      }
      if (honeypot.isHoneypot) {
        recommendations.push("DO NOT BUY — honeypot detected");
      }
      if (riskCounts.critical > 0) {
        recommendations.push("Critical functions detected — review contract source code on Basescan");
      }
      if (opcodes.hasSelfDestruct) {
        recommendations.push("SELFDESTRUCT present — contract can be destroyed at any time");
      }
      if (opcodes.hasDelegatecall) {
        recommendations.push("DELEGATECALL present — verify proxy implementation is safe");
      }
      if (!liquidity.hasLiquidity) {
        recommendations.push("No liquidity found — cannot trade this token");
      }
      if (recommendations.length === 0) {
        recommendations.push("No major red flags found. Always DYOR and start with small positions.");
      }

      return ok(serializeBigInts({
        report: "BASE SECURITY SCANNER - AUDIT REPORT",
        token: token_address,
        timestamp: new Date().toISOString(),
        overallRisk,
        rugScore: rugResult.score,
        tokenMetadata: tokenMeta,
        contractInfo: {
          bytecodeSize: contractInfo.bytecodeSize,
          balanceETH: contractInfo.balanceETH,
          contractTypes,
          complexity: opcodes.estimatedComplexity,
        },
        ownership: {
          hasOwner: ownership.hasOwner,
          owner: ownership.owner,
          isRenounced: ownership.isRenounced,
        },
        honeypotAnalysis: {
          isHoneypot: honeypot.isHoneypot,
          canBuy: honeypot.canBuy,
          canSell: honeypot.canSell,
          estimatedBuyTax: honeypot.buyTax,
          estimatedSellTax: honeypot.sellTax,
          details: honeypot.details,
        },
        liquidity: {
          pairAddress: liquidity.pairAddress,
          hasLiquidity: liquidity.hasLiquidity,
          reserveWETH: liquidity.reserveWETH,
        },
        dangerousOpcodes: {
          delegatecall: opcodes.hasDelegatecall,
          selfdestruct: opcodes.hasSelfDestruct,
          create: opcodes.hasCreate,
          create2: opcodes.hasCreate2,
        },
        permissionSummary,
        riskCounts,
        rugFactors: rugResult.factors,
        recommendations,
        knownFunctions: findings,
      }) as Record<string, unknown>);
    } catch (err) {
      return fail(`audit_report failed: ${err instanceof Error ? err.message : String(err)}`);
    }
  }
);
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/lordbasilaiassistant-sudo/base-security-scanner-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server