High-risk tools in Boar blockchain MCP (advanced)
11 of the 13 tools in Boar blockchain MCP (advanced) are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
eth_callExecuteExecute a read-only smart contract call on Ethereum mainnet. Returns the hex-encoded return data. Use this to read contract state without sending a transaction.
-
eth_decode_calldataExecuteDecode raw calldata into function name and typed arguments using a provided ABI on Ethereum mainnet. Pure computation — no RPC call needed. Pass the hex calldata from a transact...
-
eth_decode_logExecuteDecode a raw event log (topics + data) into named fields using a provided ABI on Ethereum mainnet. Pure computation — no RPC call needed. Pass topics and data from a transaction...
-
eth_decode_returnExecuteDecode raw return data from an eth_call into typed values using a provided ABI and function name on Ethereum mainnet. Pure computation — no RPC call needed.
-
eth_decode_revertExecuteDecode raw EVM revert data from a failed transaction or eth_call on Ethereum mainnet. Handles Error(string) reverts, Panic(uint256) assertions, custom Solidity errors (requires ...
-
eth_encode_calldataExecuteEncode a function call into ABI-encoded calldata hex. Accepts either a human-readable function signature (e.g. 'transfer(address to, uint256 amount)') or a full ABI JSON array p...
-
mezo_callExecuteExecute a read-only smart contract call on Mezo. Returns the hex-encoded return data. Use this to read contract state without sending a transaction.
-
mezo_decode_calldataExecuteDecode raw calldata into function name and typed arguments using a provided ABI on Mezo. Pure computation — no RPC call needed. Pass the hex calldata from a transaction input or...
-
mezo_decode_logExecuteDecode a raw event log (topics + data) into named fields using a provided ABI on Mezo. Pure computation — no RPC call needed. Pass topics and data from a transaction receipt log...
-
mezo_decode_returnExecuteDecode raw return data from an eth_call into typed values using a provided ABI and function name on Mezo. Pure computation — no RPC call needed.
-
mezo_decode_revertExecuteDecode raw EVM revert data from a failed transaction or mezo_call on Mezo. Handles Error(string) reverts, Panic(uint256) assertions, custom Solidity errors (requires ABI), and s...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.