Blockchain/ Distributed Ledger

Demo of AI and Model Context Protocol (MCP) servers talking to and with Blockchain. Summary report details from Kurt are below the recording.

Recording:

• https://cloudsecurityalliance.zoom.us/rec/share/GN752y2FqFQnqnsnk6B3DStTP7ja8Ab4o7L-N5WXor-E4oW7NptVicZRXjxYWczn.VVg5ioQbHQj4MCYu
• Passcode: g0MNRpg.
  
  

Summary Report:
# MCP Etherscan Server Setup and Development

## Project Overview
The MCP Etherscan Server is a TypeScript server that provides Ethereum blockchain data through Etherscan's API using the Model Context Protocol (MCP). This server enables seamless integration between LLM applications and Ethereum blockchain data.

## Environment Setup

### Node Version Management
Install nvm using Homebrew:
```bash
# Install nvm
brew install nvm

# Create nvm directory
mkdir ~/.nvm

# Add to ~/.zshrc
export NVM_DIR="$HOME/.nvm"
[ -s "/opt/homebrew/opt/nvm/nvm.sh" ] && \. "/opt/homebrew/opt/nvm/nvm.sh"
[ -s "/opt/homebrew/opt/nvm/etc/bash_completion.d/nvm" ] && \. "/opt/homebrew/opt/nvm/etc/bash_completion.d/nvm"

# Reload shell configuration
source ~/.zshrc
```

Verify nvm installation:
```bash
# Check nvm version
nvm --version

# List available Node versions
nvm ls-remote

# Install specific Node version
nvm install 18.17.0

# Use that version
nvm use 18.17.0

# Set default version
nvm alias default 18.17.0
```

### Checking NVM Environment
```bash
# Show current nvm version
nvm --version

# Show current Node version and path
nvm current
which node

# List installed Node versions
nvm ls

# Check Node version
node --version

# Full environment check
echo "NVM version: $(nvm --version)"
echo "Current Node version: $(nvm current)"
echo "Node path: $(which node)"
echo "Node version: $(node --version)"
echo "NPM version: $(npm --version)"
```

## Project Dependencies
The project uses several key dependencies, all of which have been verified for security and legitimacy:

### Core Dependencies
1. **ethers** (^6.13.5)
   - Purpose: Ethereum blockchain interaction
   - Status: Industry standard library
   - Security: No major vulnerabilities
   - Weekly Downloads: ~286,265

2. **@modelcontextprotocol/sdk** (^1.0.0)
   - Purpose: MCP server functionality
   - Source: Official MCP SDK
   - Repository: modelcontextprotocol/typescript-sdk

3. **dotenv** (^16.4.7)
   - Purpose: Environment variable management
   - Weekly Downloads: ~42.6M
   - Security: No major vulnerabilities

4. **zod** (^3.22.4)
   - Purpose: Schema validation
   - Weekly Downloads: ~4.5M
   - Used by: Next.js, Prisma

### Dev Dependencies
1. **@types/node** (^20.11.17)
   - Purpose: TypeScript definitions for Node.js
   - Source: DefinitelyTyped

2. **typescript** (^5.4.2)
   - Purpose: TypeScript compilation
   - Source: Microsoft official

## Project Structure
```
mcp-etherscan-server/
├── src/
│   ├── types/
│   │   └── etherscan.ts       # Type definitions
│   ├── services/
│   │   └── etherscanService.ts # Etherscan API service
│   ├── server.ts              # MCP server setup
│   └── index.ts               # Entry point
├── package.json
├── tsconfig.json
└── .env.example
```

## Security Improvements Made

### Input Validation
```typescript
const AddressSchema = z.object({
  address: z.string()
    .regex(/^0x[a-fA-F0-9]{40}$/, 'Invalid Ethereum address format')
    .transform(addr => addr.toLowerCase())
});
```

### API Key Security
```typescript
if (!this.provider.apiKey) {
  throw new Error('API key is required');
}
```

### Rate Limiting
```typescript
private readonly requestTimeout = 10000; // 10s timeout
private lastRequestTime = 0;
private readonly minRequestInterval = 200; // Rate limiting
```

### Error Handling
```typescript
private sanitizeErrorMessage(message: string): string {
  return message
    .replace(/0x[a-fA-F0-9]{40}/g, '0x...')
    .replace(/[a-zA-Z0-9]{34,}/g, '***');
}
```

## Available Tools
1. check-balance: Check ETH balance
2. get-transactions: Retrieve recent transactions
3. get-token-transfers: Get ERC20 token transfers
4. get-contract-abi: Fetch smart contract ABI
5. get-gas-prices: Get current gas prices
6. get-ens-name: Lookup ENS names

## Development Commands

### Project Setup
```bash
# Clone repository
git clone <repository-url>
cd mcp-etherscan-server

# Install dependencies
npm install

# Build project
npm run build

# Start server
npm start
```

### Environment Configuration
```bash
# Copy example environment file
cp .env.example .env

# Edit .env file with your Etherscan API key
ETHERSCAN_API_KEY=your_api_key_here
```

## Security Recommendations

### Package Updates
Update to latest secure versions:
```json
{
  "dependencies": {
    "@modelcontextprotocol/sdk": "^1.0.0",
    "dotenv": "^16.4.7",
    "ethers": "^6.13.5",
    "zod": "^3.22.4"
  },
  "devDependencies": {
    "@types/node": "^20.11.17",
    "typescript": "^5.4.2"
  }
}
```

### NPM Configuration
Create .npmrc:
```
save-exact=true
audit=true
```

## Notes and Observations
- TypeScript strict mode is enabled for maximum type safety
- All external API calls are rate-limited and timeout-protected
- Input validation is performed using Zod schemas
- Error messages are sanitized to prevent sensitive data leakage
- The server uses stdio transport for MCP communication

## Future Improvements
1. Implement request logging
2. Add metrics collection
3. Add circuit breaker for API calls
4. Implement caching layer
5. Add test coverage
6. Add OpenAPI documentation

## Links
- [Ethers.js Documentation](https://docs.ethers.org/v6/)
- [MCP SDK Documentation](https://github.com/modelcontextprotocol/typescript-sdk)
- [Etherscan API Documentation](https://docs.etherscan.io/)