Critical-risk tools in Forge Treasury

Critical severity Forge Treasury MCP Server 3 of 9 tools

3 of the 9 tools in Forge Treasury are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

deposit Financial

Deposit USDC into a Forge Treasury vault on Base. Returns calldata for the agent wallet to sign. The agent must approve USDC to the vault contract first. Mints yield-bearing fUS...
simulate_deposit Financial

Project expected returns for a USDC deposit over 30, 90, and 365 days using the blended target APY. Use for agent reasoning before depositing. APY is a blended target across con...
withdraw Financial

Withdraw from the Forge Treasury vault by redeeming shares. Returns calldata for the agent wallet. A 15% performance fee may apply on profits above the high water mark.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Forge Treasury

Tools at critical risk

Attacks that target this class

More on Forge Treasury

Let agents act without letting them run wild.