Build an unsigned Curve swap on Ethereum. Issue #615. Supports the canonical legacy stETH/ETH pool (0xDC24316b9AE028F1497c275EB9192a3Ea0f67022 — historically the tightest-spread venue for stETH↔ETH) and any plain pool registered with the stable_ng factory (covers crvUSD/USDC, USDe/USDC, etc.). Pa...
AI agents invoke prepare_curve_swap to trigger actions in VaultPilot MCP. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
| pool | string | Yes | Curve pool address. Must be the canonical legacy stETH/ETH pool (0xDC24316b9AE028F1497c275EB9192a3Ea0f67022) or a stable_ng factory plain pool. Meta pools, cryp |
| amount | string | Yes | Human-readable decimal input amount in the from-token (e.g. "1.5"). Decimals are read from the from-token contract; native = 18. |
| minOut | string | — | Explicit minimum output in the to-token's wei (decimal-string uint256). Takes precedence over `slippageBps` when both are provided. |
| wallet | string | Yes | 0x EVM wallet address that will sign the tx. |
| toToken | object | Yes | Token to receive. Same rules as `fromToken`. Must differ from `fromToken` and both must appear in the pool's `coins` array. |
| fromToken | object | Yes | Token to spend. Pass `"native"` only for pools whose `coins(i)` returns the ETH sentinel (0xeeee...eeee) at some index — currently the legacy stETH/ETH pool. Fo |
| approvalCap | string | — | Cap on the ERC-20 approval preceding this action. Omit for "unlimited" (standard DeFi UX — fewer follow-up approvals). Pass "exact" to approve only what this ac |
| slippageBps | integer | — | Slippage tolerance in basis points (50 = 0.5%). When set, `min_dy = get_dy(i,j,dx) * (1 - slippageBps/10000)`. Either `slippageBps` or `minOut` is required — th |
| acknowledgeHighSlippage | boolean | — | Required when `slippageBps > 100` (1%). Same gate as `prepare_swap` — sandwich-MEV bots target wide-slippage txs. |
| acknowledgeNonAllowlistedSpender | boolean | — | AFFIRMATIVE GATE — required whenever `fromToken` is an ERC-20 (the approve leg targets the Curve pool, which is NOT in the global protocol approve-allowlist: Aa |
Parameters from the server's own tool schema.
prepare_curve_swap triggers real processes with real consequences. An agent gone sideways doesn't fire it once — it starts dozens of builds, sends mass notifications, or burns through compute before anyone looks up.
Risk signals: High parameter count (10 properties) · Bulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
Build an unsigned Curve swap on Ethereum. Issue #615. Supports the canonical legacy stETH/ETH pool (0xDC24316b9AE028F1497c275EB9192a3Ea0f67022 — historically the tightest-spread venue for stETH↔ETH) and any plain pool registered with the stable_ng factory (covers crvUSD/USDC, USDe/USDC, etc.). Pass pool + fromToken + toToken; the tool resolves coin indices from the pool's coins array. Use fromToken: "native" for the ETH leg of the stETH/ETH pool (the only currently-supported pool whose coins(i) returns the ETH sentinel). Slippage gate REQUIRED: slippageBps (server reads get_dy and applies the cap) or minOut (explicit decimal-string uint256). The pool's exchange() accepts min_dy=0 silently — defaulting to that would let MEV extract the entire output. ERC-20 inputs chain an approval to the pool automatically. Rejected: meta pools (use exchange_underlying — different ABI), cryptoswap / tricrypto / older legacy stable pools (uint256 indices, use_eth flag — different selectors). For unsupported Curve pairs, fall back to prepare_swap (LiFi). It is categorised as an Execute tool in the VaultPilot MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
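The gates from the parameter table, written as an argument check that could run before a call reaches the tool, plus the `min_dy` formula in integer wei math. This is an added example, not VaultPilot or PolicyLayer code; the function names, the refusal of an explicit `minOut` of 0, and the 0..10000 bound on `slippageBps` are assumptions.

```python
import re

# Values taken from the page's parameter table.
LEGACY_STETH_POOL = "0xDC24316b9AE028F1497c275EB9192a3Ea0f67022"
REQUIRED = ("pool", "amount", "wallet", "toToken", "fromToken")
HIGH_SLIPPAGE_BPS = 100          # above 1% needs acknowledgeHighSlippage
UINT256_MAX = 2**256 - 1

def validate_swap_args(args):
    """Return the list of violations for one prepare_curve_swap call."""
    errors = [f"missing required parameter: {k}" for k in REQUIRED if k not in args]
    src, dst = args.get("fromToken"), args.get("toToken")
    if src is not None and src == dst:
        errors.append("fromToken and toToken must differ")
    if "native" in (src, dst) and str(args.get("pool", "")).lower() != LEGACY_STETH_POOL.lower():
        errors.append("native leg is only valid for the legacy stETH/ETH pool")
    if src is not None and src != "native" and args.get("acknowledgeNonAllowlistedSpender") is not True:
        errors.append("ERC-20 input requires acknowledgeNonAllowlistedSpender")
    bps, min_out = args.get("slippageBps"), args.get("minOut")
    if bps is None and min_out is None:
        errors.append("slippage gate: slippageBps or minOut is required")
    if min_out is not None:
        # 78 digits is the length of 2**256 - 1; longer strings cannot be a uint256.
        ok = isinstance(min_out, str) and re.fullmatch(r"[0-9]{1,78}", min_out)
        # Assumption: an explicit "0" is refused, since min_dy=0 disables the gate.
        if not ok or not 0 < int(min_out) <= UINT256_MAX:
            errors.append("minOut must be a non-zero decimal-string uint256")
    if bps is not None:
        if isinstance(bps, bool) or not isinstance(bps, int) or not 0 <= bps <= 10000:
            errors.append("slippageBps must be an integer in 0..10000")
        elif bps > HIGH_SLIPPAGE_BPS and args.get("acknowledgeHighSlippage") is not True:
            errors.append("slippageBps > 100 requires acknowledgeHighSlippage")
    return errors

def min_dy_from_quote(quoted_dy, slippage_bps):
    """min_dy = get_dy * (1 - bps/10000), in integer wei math (rounds down)."""
    return quoted_dy * (10000 - slippage_bps) // 10000

def effective_min_dy(args, quoted_dy):
    """minOut takes precedence over slippageBps when both are supplied."""
    if args.get("minOut") is not None:
        return int(args["minOut"])
    return min_dy_from_quote(quoted_dy, args["slippageBps"])
```
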
prepare_curve_swap accepts 10 parameters: pool, amount, minOut, wallet, toToken, fromToken, approvalCap, slippageBps, acknowledgeHighSlippage, acknowledgeNonAllowlistedSpender. Required: pool, amount, wallet, toToken, fromToken. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_curve_swap: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
prepare_curve_swap is an Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the prepare_curve_swap rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for prepare_curve_swap. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
prepare_curve_swap is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.