solidity-contract-audit
Static security analysis of Solidity smart contracts. Checks reentrancy, access control, tx.origin, unchecked returns, delegatecall, integer safety, gas optimizations, and more. Fully offline — no API key needed.
Overview
This MCP server runs static security analysis on Solidity smart contract source code using the solidity_contract_audit tool. It detects vulnerabilities like reentrancy, access control issues, tx.origin misuse, unchecked returns, timestamp dependence, delegatecall risks, integer overflows, gas inefficiencies, and missing events. Developers can audit contracts offline without API keys, catching issues early to prevent exploits on blockchain deployments.
Key Capabilities
The solidity_contract_audit tool performs a comprehensive static scan of Solidity code, flagging reentrancy vulnerabilities, improper access controls, and tx.origin dependencies. It also identifies unchecked return values, timestamp-based logic flaws, unsafe delegatecalls, integer arithmetic errors, gas optimization opportunities, and absent event emissions. Analysis completes locally, producing detailed reports without external dependencies.
Use Cases
Upload the source code of a new ERC-20 token to check for reentrancy and integer safety before mainnet deployment. Analyze a DeFi lending protocol's contract for access control gaps and delegatecall vulnerabilities during a security review. Scan an NFT minting contract for gas optimizations that reduce deployment costs and for missing event emissions. Review a DAO governance contract for tx.origin issues and timestamp dependence prior to upgrades.
Who This Is For
Solidity developers building or maintaining Ethereum smart contracts. Blockchain security auditors verifying third-party code. Intermediate to advanced users familiar with Solidity syntax and common Web3 vulnerabilities.