base-security-scanner-mcp
MCP server for AI agents to scan smart contracts on Base mainnet for security vulnerabilities. Detect honeypots, rug pulls, hidden mints, proxy patterns, and generate full audit reports -- all read-only, no private key needed.
Install
npx -y base-security-scanner-mcp
Configure (Claude Desktop / Cursor)
{
"mcpServers": {
"base-security-scanner": {
"command": "npx",
"args": ["-y", "base-security-scanner-mcp"]
}
}
}
Tools (8)
| Tool |
Description |
scan_contract |
Analyze a contract for security issues (reentrancy, access control, hidden mints, proxy patterns) |
check_honeypot |
Check if a token is a honeypot by simulating buy+sell via Uniswap V2 |
detect_rug_risk |
Score rug pull risk 0-100 based on ownership, liquidity, permissions, honeypot status |
analyze_bytecode |
Disassemble bytecode, identify contract type (proxy, AMM, ERC-20, diamond, etc.) |
check_token_permissions |
Check owner permissions: mint, pause, blacklist, change fees, disable trading |
get_contract_info |
Basic contract metadata: verified status, bytecode size, ETH balance, token info |
compare_bytecode |
Clone detection -- check if two contracts share the same bytecode |
audit_report |
Full security audit combining all checks into one comprehensive report |
Environment Variables
| Variable |
Default |
Description |
RPC_URL |
https://mainnet.base.org |
Base mainnet RPC endpoint |
How It Works
- Bytecode Analysis: Extracts PUSH4 opcodes to find function selectors, matches against 30+ known dangerous patterns
- Opcode Scanning: Detects DELEGATECALL, SELFDESTRUCT, CREATE, CREATE2
- Honeypot Detection: Simulates ETH->Token->ETH round-trip via Uniswap V2 router getAmountsOut
- Rug Scoring: Weighted algorithm combining ownership, liquidity depth, dangerous permissions, honeypot status
- Clone Detection: Jaccard similarity on function selector sets
Related MCP Servers
| Package |
Tools |
What it does |
obsd-launchpad-mcp |
14 |
Deploy tokens, trade, earn OBSD |
base-security-scanner-mcp |
8 |
Scan contracts for vulnerabilities |
base-price-oracle-mcp |
7 |
On-chain price feeds from DEX pools |
base-multi-wallet-mcp |
8 |
Coordinated multi-wallet trading |
base-gasless-deploy-mcp |
5 |
Gasless ERC-20 token deployment |
base-flash-arb-mcp |
7 |
Detect arbitrage opportunities |
base-token-sniper-mcp |
5 |
Discover & trade new launches |
base-wallet-toolkit-mcp |
7 |
Wallet balances, gas, tokens |
base-contract-reader-mcp |
6 |
Read any smart contract (free) |
create-mcp-server-cli |
- |
Scaffold a new MCP server |
License
MIT
