DEV Community: fino The latest articles on DEV Community by fino (@fino_3953725ae0be269e863a). https://dev.to/fino_3953725ae0be269e863a https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3828116%2F6bfb6114-7ff3-41ba-b825-cfd552223fd9.png DEV Community: fino https://dev.to/fino_3953725ae0be269e863a en I built a cross-chain swap SDK for AI agents (MCP-native, handles cold start gas automatically) fino Thu, 26 Mar 2026 08:04:59 +0000 https://dev.to/fino_3953725ae0be269e863a/i-built-a-cross-chain-swap-sdk-for-ai-agents-mcp-native-handles-cold-start-gas-automatically-41a7 https://dev.to/fino_3953725ae0be269e863a/i-built-a-cross-chain-swap-sdk-for-ai-agents-mcp-native-handles-cold-start-gas-automatically-41a7 <p>I needed to swap 0.003 ETH (on Base) to MYST tokens (on Polygon) for an AI agent I was building. Simple enough, right?</p> <p>Two hours later, I had manually:</p> <ol> <li>Found the best DEX route on Paraswap</li> <li>Realized I had no POL on Polygon for gas — so the bridged USDC was stuck</li> <li>Manually sent POL from another wallet</li> <li>Set <code>amountOutMin</code> wrong and got sandwiched</li> <li>Fumbled the slippage config and the tx reverted</li> </ol> <p><strong>There was no single tool that handled all of this.</strong> So I built one.</p> <h2> What is AutoSwap? </h2> <p>AutoSwap is a cross-chain swap SDK built specifically for AI agents. It wraps the entire swap pipeline — DEX routing, bridging, native gas resolution, and slippage protection — into <strong>a single function call</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">autoswap</span> <span class="kn">import</span> <span class="n">swap</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">swap</span><span class="p">(</span> <span class="n">from_token</span><span class="o">=</span><span class="sh">"</span><span class="s">ETH</span><span class="sh">"</span><span class="p">,</span> <span class="n">from_chain</span><span class="o">=</span><span class="sh">"</span><span class="s">base</span><span class="sh">"</span><span class="p">,</span> <span class="n">to_token</span><span class="o">=</span><span class="sh">"</span><span class="s">MYST</span><span class="sh">"</span><span class="p">,</span> <span class="n">to_chain</span><span class="o">=</span><span class="sh">"</span><span class="s">polygon</span><span class="sh">"</span><span class="p">,</span> <span class="n">amount</span><span class="o">=</span><span class="mf">0.003</span><span class="p">,</span> <span class="n">slippage_max</span><span class="o">=</span><span class="mf">2.0</span><span class="p">,</span> <span class="n">dry_run</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># simulate first — always </span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">route_taken</span><span class="p">)</span> <span class="c1"># → "ETH→USDC (base) | bridge USDC base→polygon | USDC→MYST (polygon)" </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">~</span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">amount_out</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> MYST</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># → "~47.3281 MYST" </span></code></pre> </div> <p>That's it. One call.</p> <h2> The Problems AutoSwap Solves </h2> <h3> 1. The Cold Start Gas Problem </h3> <p>This is the most under-discussed problem in cross-chain DeFi.</p> <p>You bridge USDC from Base to Polygon. It arrives. Now you need to swap it to MYST. But you have <strong>zero POL</strong> on Polygon. Your USDC is stuck, and you can't do anything without gas.</p> <p>AutoSwap detects this automatically and resolves it via a gasless relay before executing your swap. You never have to think about it.</p> <h3> 2. amountOutMin=0 (The MEV Sandwich Attacker's Best Friend) </h3> <p>Every tutorial, every StackOverflow answer, every quick script I've seen sets <code>amountOutMin=0</code> "for simplicity." This is the #1 way to get sandwiched.</p> <p>AutoSwap <strong>never sets amountOutMin=0</strong>. Period. Slippage is calculated against real liquidity data from the DEX. The hard maximum is 50% — any route exceeding that is rejected outright.</p> <h3> 3. Best Route Selection </h3> <p>AutoSwap queries both Paraswap (50+ DEX aggregation) and Uniswap V3 in parallel, picks the highest expected output, and validates it before building the transaction.</p> <h3> 4. Bridge Complexity </h3> <p>Cross-chain routing via Across Protocol with ~2-5 second fills, automatic fallback if the primary route fails, and USDC as the default bridge token (deepest liquidity).</p> <h2> Architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>autoswap/ ├── src/ │ ├── swap.py ← Orchestrator │ ├── router.py ← DEX routing (Paraswap + Uniswap V3) │ ├── bridge.py ← Cross-chain bridge (Across Protocol) │ ├── gas.py ← Native gas resolver │ └── safety.py ← Slippage + sandwich protection ├── autoswap/ ← Python package ├── npm/ ← JavaScript wrapper └── mcp-tool.json ← MCP tool descriptor (for AI agents) </code></pre> </div> <h2> MCP Native: Claude/Cursor/Cline Can Call It Directly </h2> <p>This is where it gets interesting for AI agent builders.</p> <p>AutoSwap ships as an <strong>MCP (Model Context Protocol) tool</strong>. Add this to your Claude Desktop or Cursor config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"mcpServers"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"autoswap"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"python3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"args"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"-m"</span><span class="p">,</span><span class="w"> </span><span class="s2">"autoswap.mcp_handler"</span><span class="p">],</span><span class="w"> </span><span class="nl">"env"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ETH_PRIVATE_KEY"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your_key"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Now Claude can execute cross-chain swaps directly in conversation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User: "Swap 0.003 ETH on Base to MYST on Polygon, show me the route first" Claude: [calls autoswap.swap with dry_run=true] → Route: ETH→USDC (base) | bridge USDC base→polygon | USDC→MYST (polygon) → Expected output: ~47.3 MYST → Bridge fee: 0.08 USDC "Execute it." Claude: [calls autoswap.swap with dry_run=false] → Received: 47.1 MYST ✅ </code></pre> </div> <p>No manual steps. No fumbling with raw transaction builders. The agent just calls <code>swap()</code> and gets a result.</p> <h2> Dry-Run Mode: Safe by Default </h2> <p>AutoSwap is designed for agents that need to verify before executing. <code>dry_run=True</code> builds the entire transaction pipeline, checks liquidity, calculates fees, and returns the full route — <strong>without submitting anything to the blockchain</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Always dry-run first </span><span class="n">result</span> <span class="o">=</span> <span class="nf">swap</span><span class="p">(</span><span class="sh">"</span><span class="s">ETH</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">base</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">MYST</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">polygon</span><span class="sh">"</span><span class="p">,</span> <span class="mf">0.003</span><span class="p">,</span> <span class="n">dry_run</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Route: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">route_taken</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Expected: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">amount_out</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> MYST</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Bridge fee: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">fees</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">bridge_fee</span><span class="sh">'</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> USDC</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Only execute if the numbers look right </span><span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">success</span> <span class="ow">and</span> <span class="n">result</span><span class="p">.</span><span class="n">amount_out</span> <span class="o">&gt;</span> <span class="mi">40</span><span class="p">:</span> <span class="n">live</span> <span class="o">=</span> <span class="nf">swap</span><span class="p">(</span><span class="sh">"</span><span class="s">ETH</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">base</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">MYST</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">polygon</span><span class="sh">"</span><span class="p">,</span> <span class="mf">0.003</span><span class="p">,</span> <span class="n">dry_run</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">TX: </span><span class="si">{</span><span class="n">live</span><span class="p">.</span><span class="n">tx_hashes</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> JavaScript / npm </h2> <p>There's a thin JS wrapper for Node.js environments:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>autoswap </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">swap</span><span class="p">,</span> <span class="nx">quote</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">autoswap</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">swap</span><span class="p">({</span> <span class="na">fromToken</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ETH</span><span class="dl">'</span><span class="p">,</span> <span class="na">fromChain</span><span class="p">:</span> <span class="dl">'</span><span class="s1">base</span><span class="dl">'</span><span class="p">,</span> <span class="na">toToken</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MYST</span><span class="dl">'</span><span class="p">,</span> <span class="na">toChain</span><span class="p">:</span> <span class="dl">'</span><span class="s1">polygon</span><span class="dl">'</span><span class="p">,</span> <span class="na">amount</span><span class="p">:</span> <span class="mf">0.003</span><span class="p">,</span> <span class="na">dryRun</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">routeTaken</span><span class="p">);</span> </code></pre> </div> <h2> Supported Networks </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Chain</th> <th>Status</th> </tr> </thead> <tbody> <tr> <td>Base</td> <td>✅ Full support</td> </tr> <tr> <td>Polygon</td> <td>✅ Full support</td> </tr> <tr> <td>Arbitrum</td> <td>✅ Full support</td> </tr> <tr> <td>Optimism</td> <td>✅ Full support</td> </tr> <tr> <td>Ethereum</td> <td>🔜 Coming soon</td> </tr> </tbody> </table></div> <h2> Comparison </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>AutoSwap</th> <th>Li.Fi</th> <th>1inch</th> <th>Relay.link</th> </tr> </thead> <tbody> <tr> <td>Single function call</td> <td>✅</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Cold start gas fix</td> <td>✅ automatic</td> <td>❌ manual</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Sandwich protection</td> <td>✅ built-in</td> <td>⚠️</td> <td>✅</td> <td>⚠️</td> </tr> <tr> <td>amountOutMin=0 guard</td> <td>✅ always</td> <td>⚠️</td> <td>✅</td> <td>⚠️</td> </tr> <tr> <td>MCP / AI agent ready</td> <td>✅ native</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Dry-run simulation</td> <td>✅</td> <td>⚠️</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>No API key needed</td> <td>✅</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Open source (MIT)</td> <td>✅</td> <td>✅ GPL</td> <td>❌</td> <td>❌</td> </tr> </tbody> </table></div> <h2> Install </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>autoswap <span class="c"># or</span> npm <span class="nb">install </span>autoswap </code></pre> </div> <p>GitHub: <a href="https://github.com/fino-oss/autoswap" rel="noopener noreferrer">https://github.com/fino-oss/autoswap</a></p> <p>Built from real pain. If you've ever manually sent POL to unstick a bridged USDC, this is for you.</p> <p>Happy to answer questions — especially if you're building AI agents that need DeFi access.</p> defi crypto python ai I Built an MCP Tool That Scans Smart Contracts for Security Risks fino Mon, 16 Mar 2026 21:21:13 +0000 https://dev.to/fino_3953725ae0be269e863a/i-built-an-mcp-tool-that-scans-smart-contracts-for-security-risks-338m https://dev.to/fino_3953725ae0be269e863a/i-built-an-mcp-tool-that-scans-smart-contracts-for-security-risks-338m <blockquote> <p><strong>TL;DR</strong>: I deployed a contract security scanner on Base L2, then wrapped it as an MCP server so any AI assistant (Claude, Cursor, Cline) can scan contracts on demand. Free, open, permissionless.</p> </blockquote> <h2> The problem </h2> <p>Before interacting with a smart contract — approving a token, depositing in a DeFi protocol, buying an NFT — you should check if it's safe. But most devs just... don't. It's too slow to manually check Etherscan, read the ABI, look for rug patterns.</p> <p>I wanted to make this a one-liner inside my AI assistant.</p> <h2> What I built </h2> <p>An MCP (Model Context Protocol) server that exposes a contract scanner as a tool.</p> <p>Once installed, you just ask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"Is this token safe to buy? 0x4ed4e862860bed51a9570b96d89af5e1b0efefed" </code></pre> </div> <p>And your AI assistant calls the tool automatically and returns:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## 🟡 Risk Score: 30/100 — MEDIUM</span> Contract: 0x4ed4e862... Name: DEGEN Age: 412 days Source verified: ✅ Yes <span class="gu">### 🟠 HIGH (1)</span> <span class="p">-</span> mint(address,uint256): Selector 0x40c10f19 found in bytecode <span class="gu">### ✅ GOOD (3)</span> <span class="p">-</span> Source code verified <span class="p">-</span> ERC20 compliant <span class="p">-</span> Active contract (100+ recent txs) </code></pre> </div> <h2> How it works </h2> <p><strong>The scanner</strong> analyzes a contract address on Base L2:</p> <ol> <li>Fetches bytecode via free RPC (<code>https://mainnet.base.org</code>)</li> <li>Checks source verification via BaseScan API (free tier)</li> <li>Scans for risky function selectors in bytecode: <ul> <li>🔴 Critical: <code>rescueTokens()</code>, <code>withdrawAll()</code> (backdoors)</li> <li>🟠 High: <code>mint()</code>, <code>blacklist()</code> </li> <li>🟡 Medium: <code>pause()</code>, <code>setFee()</code>, upgradeable proxies</li> </ul> </li> <li>Checks contract age and transaction activity</li> <li>Returns a risk score 0–100</li> </ol> <p><strong>The MCP layer</strong> wraps this as 3 tools:</p> <ul> <li> <code>scan_contract(address)</code> — full scan with findings</li> <li> <code>batch_scan([addr1, addr2, ...])</code> — compare up to 5 contracts</li> <li> <code>interpret_risk(score, findings)</code> — get SAFE / CAUTION / HIGH_RISK / DO_NOT_USE</li> </ul> <h2> Install in Claude Desktop </h2> <p>Add to <code>~/Library/Application Support/Claude/claude_desktop_config.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"mcpServers"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"contract-scanner"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node"</span><span class="p">,</span><span class="w"> </span><span class="nl">"args"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"/path/to/p8/mcp/server.js"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Same config works for Cursor (<code>~/.cursor/mcp.json</code>) and Cline.</p> <h2> The architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AI Assistant (Claude/Cursor/Cline) ↓ MCP protocol (stdio) server.js ← McpServer + StdioTransport ↓ scanner.js ← ethers.js + BaseScan API ↓ Base L2 RPC (free) + BaseScan (free tier) </code></pre> </div> <p>No server. No API key required for basic scans. No wallet needed — read-only.</p> <h2> What's next </h2> <p>The scanner results can also be posted <strong>on-chain</strong> via the <code>AgentEscrow.sol</code> contract I deployed on Base:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Client sends 0.5 USDC → AgentEscrow → JobCreated event Scanner analyzes → posts result hash on-chain 24h dispute window → USDC released to scanner wallet </code></pre> </div> <p>This makes the scanner a <strong>trustless on-chain service</strong>: pay-per-scan, verifiable, no middleman.</p> <p>The code is on Base mainnet. Scanner wallet: <code>0x804dd2cE4aA3296831c880139040e4326df13c6e</code></p> <p>If you find it useful, try it. If you find a bug, open an issue.</p> blockchain security mcp solidity