High-risk tools in Foundry Zksync
6 of the 21 tools in Foundry Zksync are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- anvil_zksync (Execute): Start or check a local anvil-zksync development node. Supports forking from mainnet/testnet. Default port: 8011.
- cast_nonce (Execute): Query the transaction nonce of an address (cast nonce). Note: on zkSync this returns the TX nonce only, not the deploy nonce.
- compile (Execute): Compile a foundry-zksync project (forge build --zksync). Check foundry.toml for [profile.X.zksync] sections — if zkSync sources live under a specific profile (e.g. 'zksync'), pa...
- deploy (Execute): Deploy a contract to a zkSync network (forge create --zksync). Returns structured output with contract address, tx hash, and deployer.
- gas_report (Execute): Run tests and generate a gas usage report (forge test --zksync --gas-report). Note: zkSync gas values are aggregate-only (no computation/pubdata breakdown).
- run_script (Execute): Run a forge script targeting zkSync (forge script --zksync)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.