AI agents call read_contract to retrieve information from Gulltoppr without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
args | array | — | Function arguments, in order. Pass uint values as decimal strings. |
chain | string | Yes | Chain alias ("ethereum", "base", "optimism", "arbitrum", "polygon", "local") or numeric chain id. |
address | string | Yes | 0x contract address. |
rpc_url | string | — | Override RPC URL. Required for chains with no default (e.g. local/31337). |
function | string | Yes | Function name, or full signature like "transfer(address,uint256)" if overloaded. |
Parameters from the server's own tool schema.
This tool only reads contract state by calling view/pure functions. It explicitly rejects state-mutating functions and involves no wallet or financial operations. The narrow scope (read-only contract queries) and built-in safeguards (rejection of state changes) result in minimal risk of misuse.
From the tool's definition Tool description explicitly states 'Call a view/pure function and get the decoded result' and 'Rejects state-mutating functions.' View/pure functions are read-only operations with no side effects.
Attacks that exploit this kind of access
Call a view/pure function and get the decoded result. No wallet, no cost. Rejects state-mutating functions. It is categorised as a Read tool in the Gulltoppr MCP Server, which means it retrieves data without modifying state.
read_contract accepts 5 parameters: args, chain, address, rpc_url, function. Required: chain, address, function. The full parameter table on this page comes from the server's own tool schema.
Register the Gulltoppr MCP server in PolicyLayer and add a rule for read_contract: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Gulltoppr. Nothing to install.
read_contract is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the read_contract rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for read_contract. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
read_contract is provided by the Gulltoppr MCP server (https://mcp.gulltoppr.dev/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →