READ-ONLY — call any view/pure function on any verified-ABI EVM contract. Mirrors Etherscan's "Read Contract" tab and is the symmetric counterpart of prepare_custom_call. Use for the long tail of on-chain reads no protocol-specific tool covers: OZ AccessControl role members (getRoleMember(bytes32,ui...
AI agents call read_contract to retrieve information from VaultPilot MCP without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
| fn | string | Yes | Function name to call (e.g. "getRoleMember"). Pass the FULL signature ("getRoleMember(bytes32,uint256)") to disambiguate when the ABI has overloads for the same |
| abi | array | — | Inline ABI array. When omitted, the tool fetches it via Etherscan V2. Pass it to override the Etherscan ABI, to call a contract whose source isn't yet verified, |
| args | array | — | Array of args matching the function's inputs in order. Decimal strings for uint256 (e.g. "0"), 0x-prefixed hex for bytes32/bytes (e.g. an OZ role hash like kecc |
| chain | string | — | |
| contract | string | Yes | Target contract address. Must be Etherscan-verified OR the `abi` arg must be passed inline. |
Parameters from the server's own tool schema.
Even though read_contract only reads data, uncontrolled read access leaks sensitive information and racks up API costs — an agent caught in a retry loop can make thousands of calls a minute without anyone noticing.
READ-ONLY — call any view/pure function on any verified-ABI EVM contract. Mirrors Etherscan's "Read Contract" tab and is the symmetric counterpart of prepare_custom_call. Use for the long tail of on-chain reads no protocol-specific tool covers: OZ AccessControl role members (getRoleMember(bytes32,uint256), hasRole(bytes32,address)), governance proposal state, oracle prices, vault share prices, Safe owner enumeration, ERC-1155 balances, etc. ABI source: pass abi: [...] inline (preferred when you have the project's published artifact) OR omit it and the tool fetches via Etherscan V2 — refuses on unverified contracts with NO raw-bytecode fallback. Proxies are followed once to the implementation when Etherscan exposes the link. Pass fn as a name ("getRoleMember") when unambiguous, or as the full signature ("getRoleMember(bytes32,uint256)") to disambiguate overloads. args types are validated by viem's encoder — uint256 expects a decimal string, address expects 0x-prefixed hex, bytes32 expects 0x-prefixed 64-hex (e.g. an OZ role hash like keccak256("EXECUTOR_ROLE") = 0xd8aa0f3194971a2a116679f7c2090f6939c8d4e01a2a8d7e41d55e5351469e63). Refuses on functions whose stateMutability is not view or pure — eth_call would simulate a state-changing function and return a hypothetical result that has not occurred on-chain. Use prepare_custom_call for writes. It is categorised as a Read tool in the VaultPilot MCP server, which means it retrieves data without modifying state.
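The refusals described above (ambiguous overloads, non-view/pure functions, malformed arguments) can be checked before a request is forwarded. The following is an added example, not VaultPilot or PolicyLayer code: `checkReadCall`, `SAMPLE_ABI` and the error strings are hypothetical, and the ABI is constructed sample data.

```javascript
// Added example: pre-flight check of a read_contract request against an inline ABI.
// SAMPLE_ABI is constructed sample data; checkReadCall is a hypothetical helper.
const SAMPLE_ABI = [
  { type: "function", name: "getRoleMember", stateMutability: "view",
    inputs: [{ type: "bytes32" }, { type: "uint256" }] },
  { type: "function", name: "hasRole", stateMutability: "view",
    inputs: [{ type: "bytes32" }, { type: "address" }] },
  { type: "function", name: "balanceOf", stateMutability: "view",
    inputs: [{ type: "address" }] },
  { type: "function", name: "balanceOf", stateMutability: "view",
    inputs: [{ type: "address" }, { type: "uint256" }] },
  { type: "function", name: "grantRole", stateMutability: "nonpayable",
    inputs: [{ type: "bytes32" }, { type: "address" }] },
];

// Shape checks only (uint256 range is not checked): decimal string,
// 0x + 40 hex for address, 0x + 64 hex for bytes32.
const SHAPES = {
  uint256: /^(0|[1-9][0-9]*)$/,
  address: /^0x[0-9a-fA-F]{40}$/,
  bytes32: /^0x[0-9a-fA-F]{64}$/,
};

const signature = (f) => `${f.name}(${f.inputs.map((i) => i.type).join(",")})`;

function checkReadCall(abi, fn, args = []) {
  const fns = abi.filter((e) => e.type === "function");
  // A full signature selects one overload; a bare name must be unambiguous.
  const matches = fn.includes("(")
    ? fns.filter((f) => signature(f) === fn)
    : fns.filter((f) => f.name === fn);
  if (matches.length === 0) return { ok: false, error: "function not in ABI" };
  if (matches.length > 1) return { ok: false, error: "ambiguous overload" };
  const target = matches[0];
  // Only view/pure may be read; anything else would be a simulated write.
  if (!["view", "pure"].includes(target.stateMutability))
    return { ok: false, error: "not view/pure" };
  if (args.length !== target.inputs.length)
    return { ok: false, error: "wrong argument count" };
  for (let i = 0; i < args.length; i++) {
    const type = target.inputs[i].type;
    if (!SHAPES[type]) return { ok: false, error: `unsupported type ${type}` };
    if (typeof args[i] !== "string" || !SHAPES[type].test(args[i]))
      return { ok: false, error: `arg ${i} is not a valid ${type}` };
  }
  return { ok: true, signature: signature(target) };
}
```
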
read_contract accepts 5 parameters: fn, abi, args, chain, contract. Required: fn, contract. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for read_contract: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
read_contract is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the read_contract rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for read_contract. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
read_contract is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.