High-risk tools in Foundry Zksync
6 of the 21 tools in Foundry Zksync are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- anvil_zksync (Execute, 3/5): Start or check a local anvil-zksync development node. Supports forking from mainnet/testnet. Default port: 8011.
- cast_nonce (Execute, 3/5): Query the transaction nonce of an address (cast nonce). Note: on zkSync this returns the TX nonce only, not the deploy nonce.
- compile (Execute, 3/5): Compile a foundry-zksync project (forge build --zksync). Check foundry.toml for [profile.X.zksync] sections — if zkSync sources live under a specific profile (e.g. 'zksync'), pa...
- deploy (Execute, 3/5): Deploy a contract to a zkSync network (forge create --zksync). Returns structured output with contract address, tx hash, and deployer.
- gas_report (Execute, 3/5): Run tests and generate a gas usage report (forge test --zksync --gas-report). Note: zkSync gas values are aggregate-only (no computation/pubdata breakdown).
- run_script (Execute, 3/5): Run a forge script targeting zkSync (forge script --zksync).
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Foundry Zksync
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init