Give it an address + chain (or raw Solidity) and get a SAFE / CAUTION / HIGH-RISK verdict with an explained risk score, combining the verified source, live on-chain owner/proxy state, and a honeypot & owner-power scan.
| Signal | What it means |
|---|---|
| Upgradeable proxy | EIP-1967 / 1167 / beacon: the owner can swap the code you audited for different code |
| Owner powers | mint, pause, blacklist, owner-adjustable fees/tax, max-tx limits, trading on/off, withdraw/sweep |
| Dangerous primitives | selfdestruct, delegatecall, tx.origin auth, arbitrary external calls, inline assembly |
| Honeypot signals | can't-sell patterns: blacklist + uncapped tax + trading switch + wallet/tx caps |
| Owner status | live on-chain check: is the owner renounced, a single EOA (one key), or a multisig/timelock? |
| Unverified | no verified source on Sourcify = you can't read what you're trusting (strong red flag) |
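To make the source-level part of the table concrete, here is an added example (not the auditor's own code) of a small static scan over raw Solidity: it strips comments, looks for the dangerous primitives and owner powers listed above, flags the blacklist + adjustable-tax + trading-switch combination as a honeypot pattern, and maps a score to the same three verdicts. The pattern list, weights and verdict thresholds are this example's assumptions, not the tool's scoring, and the three contracts are constructed inputs.

```python
import re

# Weights are an assumption for this example; the real tool's scoring is not public here.
DANGEROUS_PRIMITIVES = {
    "selfdestruct": (r"\bselfdestruct\s*\(", 30),
    "delegatecall": (r"\.delegatecall\s*\(", 25),
    "tx.origin auth": (r"\btx\.origin\b", 20),
    "inline assembly": (r"\bassembly\s*\{", 10),
}
OWNER_POWERS = {
    "mint": (r"function\s+mint\s*\(", 10),
    "pause": (r"function\s+(pause|unpause)\s*\(", 10),
    "blacklist": (r"\b(blacklist|isBlacklisted|_isBlacklisted)\b", 15),
    "adjustable fee": (r"function\s+set\w*(Fee|Tax)\w*\s*\(", 15),
    "max tx / wallet cap": (r"\b(maxTx\w*|maxWallet\w*)\b", 5),
    "trading switch": (r"\b(tradingEnabled|tradingActive|enableTrading|openTrading)\b", 15),
    "withdraw/sweep": (r"function\s+(withdraw\w*|sweep\w*|rescue\w*)\s*\(", 10),
}
# Assumed verdict thresholds for this example.
HIGH_RISK_AT, CAUTION_AT = 50, 20


def strip_comments(src: str) -> str:
    """Drop /* */ and // comments so commented-out code does not trigger findings."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def scan(source: str) -> dict:
    """Return score, verdict and the list of matched signals for one Solidity source."""
    code = strip_comments(source)
    findings, score = [], 0
    for name, (pattern, weight) in {**DANGEROUS_PRIMITIVES, **OWNER_POWERS}.items():
        if re.search(pattern, code):
            findings.append(name)
            score += weight
    # Can't-sell combination: owner can block an address, raise the tax without
    # bound, and switch trading off. Caps only add weight via their own entry.
    if {"blacklist", "adjustable fee", "trading switch"} <= set(findings):
        findings.append("honeypot pattern")
        score += 30
    score = min(score, 100)
    verdict = "HIGH-RISK" if score >= HIGH_RISK_AT else "CAUTION" if score >= CAUTION_AT else "SAFE"
    return {"score": score, "verdict": verdict, "findings": findings}


# Constructed sample inputs (not real deployed contracts).
HONEYPOT_SRC = """
contract Token {
    mapping(address => bool) public blacklist;
    uint256 public sellTax = 5;
    bool public tradingEnabled;
    uint256 public maxTxAmount;
    function setSellTax(uint256 t) external onlyOwner { sellTax = t; }
    function enableTrading() external onlyOwner { tradingEnabled = true; }
    function _transfer(address from, address to, uint256 amt) internal {
        require(!blacklist[from], "blocked");
        require(tradingEnabled || from == owner, "not open");
        require(amt <= maxTxAmount, "cap");
    }
}
"""
VAULT_SRC = """
contract Vault {
    address public owner;
    function deposit() external payable {}
    function withdraw(uint256 amt) external { require(msg.sender == owner); payable(owner).transfer(amt); }
}
"""
WALLET_SRC = """
contract Wallet {
    address owner;
    // selfdestruct(payable(owner));  -- commented out, must not count
    function exec(address t, bytes calldata d) external {
        require(tx.origin == owner);
        (bool ok,) = t.delegatecall(d);
        require(ok);
    }
}
"""

if __name__ == "__main__":
    for label, src in (("token", HONEYPOT_SRC), ("vault", VAULT_SRC), ("wallet", WALLET_SRC)):
        print(label, scan(src))
```

The scan is purely lexical, so it is a triage signal rather than proof: a contract can hide the same powers behind names the patterns do not know, and, as the table notes, an upgradeable proxy can replace all of this code after you read it, which is why the on-chain owner/proxy check matters alongside the source scan.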
```
GET /audit?address=0xdAC17F958D2ee523a2206206994597C13D831ec7&chain=ethereum
GET /audit?address=0x...&chain=base
```
Chains: ethereum, base, optimism, arbitrum, polygon, bsc, avalanche, gnosis, celo (or a numeric chainId).
```json
{
  "mcpServers": {
    "contract-auditor": { "command": "npx", "args": ["-y", "contract-auditor-mcp"] }
  }
}
```

Or connect over HTTP at `POST /mcp`. Tool: `audit_contract`.
The `/pro/*` route is gated by x402. Your agent pays $0.25 USDC per call automatically: no sign-up, no API key. Settles on-chain to the operator wallet.

```
GET /pro/audit?address=0x...&chain=ethereum   # 402 → pay → result
```