AI agents call get_contract_abi to retrieve information from VaultPilot MCP without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
| chain | string | Yes | Which chain the contract is deployed on. The same address can map to different contracts on different chains; this arg disambiguates. |
| address | string | Yes | EVM contract address to fetch the ABI for. Etherscan V2 covers Ethereum + Arbitrum + Polygon + Base + Optimism (the same five chains the rest of this MCP suppor |
| followProxy | boolean | — | When the target is a proxy with a resolvable implementation, follow once to the implementation's verified ABI (typical caller intent — you want the function sel |
Parameters from the server's own tool schema.
Even though get_contract_abi only reads data, uncontrolled read access leaks sensitive information and racks up API costs — an agent caught in a retry loop can make thousands of calls a minute without anyone noticing.
READ-ONLY — fetch a verified contract's ABI on any Etherscan-V2-supported EVM chain (Ethereum, Arbitrum, Polygon, Base, Optimism). Wraps the same getsourcecode path prepare_custom_call and check_contract_security use, so the call carries the user's ETHERSCAN_API_KEY, the MAX_RESPONSE_BYTES cap, the sanitizeContractName discipline, and the 24h cache. Returns { chain, address, isVerified, isProxy, implementation?, contractName?, compilerVersion?, abi?, abiSource }.

When the target is a proxy and followProxy=true (default), follows once to the implementation's ABI and reports abiSource: "proxy-implementation"; when followProxy=false or the implementation isn't verified, returns the proxy's own ABI with abiSource: "proxy-target" plus a proxyFollowSkippedReason explaining why. Unverified contracts return { isVerified: false } and no ABI — ask the user to paste the ABI inline if they have it from the project's published artifacts.

ALWAYS prefer this tool over a generic WebFetch against etherscan.io/api.etherscan.io for ABI lookups in this MCP's surface — that path doesn't carry the API key (the env var lives in the MCP process, not the agent's harness), loses the size cap + verified-vs-unverified discipline, loses the 24h cache, and pulls the response through the agent's web layer with no sanitization for attacker-controlled fields like ContractName. Issue #495. It is categorised as a Read tool in the VaultPilot MCP server, which means it retrieves data without modifying state.
get_contract_abi accepts 3 parameters: chain, address, followProxy. Required: chain, address. The full parameter table on this page comes from the server's own tool schema.
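The resolution rules described above (validate chain and address, follow a proxy once, fall back to the proxy's own ABI with a skip reason, return no ABI for unverified contracts, and treat ContractName as attacker-controlled) are easy to get subtly wrong, so here is an added, self-contained model of that decision logic. This is example code written for this page, not VaultPilot MCP's implementation: the sample getsourcecode records, the "direct" abiSource value for non-proxy contracts, the specific skip-reason strings, the sanitizer's allowed character set and the MAX_RESPONSE_BYTES value are all assumptions.

```python
import json
import re
from typing import Callable, Dict, Optional

SUPPORTED_CHAINS = {"ethereum", "arbitrum", "polygon", "base", "optimism"}
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")
MAX_RESPONSE_BYTES = 64 * 1024  # assumption: illustrative cap, not the server's real value

# Constructed sample of getsourcecode-style records, keyed by (chain, lowercased address).
# 0x11.. is a verified proxy pointing at verified 0x22..; 0x33.. is a verified proxy whose
# implementation 0x44.. is NOT verified. ContractName on 0x22.. is deliberately hostile.
SAMPLE_SOURCE_RESULTS: Dict[tuple, dict] = {
    ("ethereum", "0x" + "11" * 20): {
        "ContractName": "TransparentUpgradeableProxy", "CompilerVersion": "v0.8.20",
        "Proxy": "1", "Implementation": "0x" + "22" * 20,
        "ABI": json.dumps([{"type": "fallback", "stateMutability": "payable"}]),
    },
    ("ethereum", "0x" + "22" * 20): {
        "ContractName": "Vault<script>alert(1)</script>", "CompilerVersion": "v0.8.20",
        "Proxy": "0", "Implementation": "",
        "ABI": json.dumps([{"type": "function", "name": "deposit", "inputs": [],
                            "outputs": [], "stateMutability": "payable"}]),
    },
    ("ethereum", "0x" + "33" * 20): {
        "ContractName": "LegacyProxy", "CompilerVersion": "v0.8.10",
        "Proxy": "1", "Implementation": "0x" + "44" * 20,
        "ABI": json.dumps([{"type": "fallback", "stateMutability": "payable"}]),
    },
    ("ethereum", "0x" + "44" * 20): {
        "ContractName": "", "CompilerVersion": "", "Proxy": "0", "Implementation": "",
        "ABI": "Contract source code not verified",  # constructed unverified marker
    },
}


def validate_request(chain: str, address: str) -> Optional[str]:
    """Return an error string for a bad request, or None if it is well-formed."""
    if chain not in SUPPORTED_CHAINS:
        return f"unsupported chain {chain!r}"
    if not ADDRESS_RE.match(address):
        return "address must be 0x followed by 40 hex characters"
    return None


def sanitize_contract_name(raw: str, max_len: int = 64) -> str:
    """ContractName is set by whoever verified the source, so never pass it through
    untouched; keep only identifier characters and cap the length (assumed rule)."""
    return re.sub(r"[^A-Za-z0-9_]", "", raw)[:max_len]


def _is_verified(record: Optional[dict]) -> bool:
    # A verified contract carries a JSON array in ABI; anything else means unverified.
    return bool(record) and record.get("ABI", "").lstrip().startswith("[")


def _default_lookup(chain: str, address: str) -> Optional[dict]:
    return SAMPLE_SOURCE_RESULTS.get((chain, address.lower()))


def resolve_contract_abi(chain: str, address: str, follow_proxy: bool = True,
                         lookup: Callable[[str, str], Optional[dict]] = _default_lookup) -> dict:
    """Model of get_contract_abi's documented result shape and proxy-follow behaviour."""
    error = validate_request(chain, address)
    if error:
        raise ValueError(error)
    record = lookup(chain, address)
    if not _is_verified(record):
        return {"chain": chain, "address": address, "isVerified": False, "isProxy": False}

    result = {"chain": chain, "address": address, "isVerified": True,
              "isProxy": record.get("Proxy") == "1"}
    abi_record = record
    if result["isProxy"]:
        impl = record.get("Implementation", "")
        result["implementation"] = impl
        if not follow_proxy:
            result["abiSource"] = "proxy-target"
            result["proxyFollowSkippedReason"] = "followProxy=false"
        else:
            impl_record = lookup(chain, impl) if ADDRESS_RE.match(impl) else None
            if _is_verified(impl_record):
                abi_record = impl_record  # follow exactly once, never recursively
                result["abiSource"] = "proxy-implementation"
            else:
                result["abiSource"] = "proxy-target"
                result["proxyFollowSkippedReason"] = "implementation not verified"
    else:
        result["abiSource"] = "direct"  # assumption: page names no value for this case

    # Metadata is reported for whichever contract's ABI is returned (assumed convention).
    result["contractName"] = sanitize_contract_name(abi_record.get("ContractName", ""))
    result["compilerVersion"] = abi_record.get("CompilerVersion", "")
    abi_text = abi_record["ABI"]
    if len(abi_text.encode("utf-8")) > MAX_RESPONSE_BYTES:
        raise ValueError("ABI exceeds MAX_RESPONSE_BYTES")
    result["abi"] = json.loads(abi_text)
    return result
```

Injecting `lookup` keeps the logic testable offline; a real deployment would wire it to the cached, key-bearing getsourcecode call and keep the single-hop proxy follow, since an attacker-controlled Implementation field could otherwise chain lookups indefinitely.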
Register the VaultPilot MCP server in PolicyLayer and add a rule for get_contract_abi: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
get_contract_abi is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the get_contract_abi rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
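To make the max: 10 / window: 60 semantics concrete, here is an added, self-contained per-session limiter plus a minimal rule evaluator for the allow / deny / rate_limit actions named on this page. This is example code written for this page, not PolicyLayer's implementation: the rule dictionary shape, the sliding-window algorithm (PolicyLayer may use fixed windows that "reset automatically"), the result keys and the reason strings are assumptions.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List


class SessionRateLimiter:
    """Sliding-window limiter: at most `max_calls` per `window` seconds, tracked per session."""

    def __init__(self, max_calls: int, window: float, clock: Callable[[], float] = time.monotonic):
        self._max_calls = max_calls
        self._window = window
        self._clock = clock
        self._calls: Dict[str, Deque[float]] = defaultdict(deque)

    def check(self, session_id: str) -> dict:
        now = self._clock()
        calls = self._calls[session_id]
        # Drop timestamps that have aged out of the window; this is the "automatic reset".
        while calls and now - calls[0] >= self._window:
            calls.popleft()
        if len(calls) >= self._max_calls:
            retry_after = self._window - (now - calls[0])
            return {"allowed": False,
                    "reason": f"rate limit exceeded: {self._max_calls} calls per {self._window:g}s",
                    "retryAfter": round(retry_after, 3)}
        calls.append(now)
        return {"allowed": True, "remaining": self._max_calls - len(calls)}


def evaluate_rule(rule: dict, session_id: str, limiter: SessionRateLimiter) -> dict:
    """Apply one tool rule. Rule shape is an assumption:
    {"action": "allow"|"deny", "reason": str, "rate_limit": {"max": int, "window": int}}."""
    if rule.get("action") == "deny":
        # The agent sees a policy violation; the call never reaches the MCP server.
        return {"allowed": False, "reason": rule.get("reason", "blocked by policy")}
    if "rate_limit" in rule:
        return limiter.check(session_id)
    return {"allowed": True}


class FakeClock:
    """Deterministic clock so the example (and its test) do not depend on wall time."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> List[bool]:
    """Constructed scenario: an agent in a retry loop hammers get_contract_abi 12 times,
    a second session makes one call, then 60 seconds pass and the first session retries."""
    rule = {"rate_limit": {"max": 10, "window": 60}}
    clock = FakeClock()
    limiter = SessionRateLimiter(rule["rate_limit"]["max"], rule["rate_limit"]["window"], clock)
    outcomes = []
    for _ in range(12):
        clock.advance(0.5)  # twelve calls within six seconds
        outcomes.append(evaluate_rule(rule, "agent-session-A", limiter)["allowed"])
    outcomes.append(evaluate_rule(rule, "agent-session-B", limiter)["allowed"])
    clock.advance(60)
    outcomes.append(evaluate_rule(rule, "agent-session-A", limiter)["allowed"])
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The first ten calls from session A succeed, the eleventh and twelfth are refused with a retryAfter hint, session B is unaffected because limits are per session, and after the window elapses session A is allowed again.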
Set action: deny in the PolicyLayer policy for get_contract_abi. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
get_contract_abi is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.