// Search 50,000+ smart contract vulnerabilities from Cyfrin Solodit. 8 MCP tools with intelligent caching for searching, filtering, and analyzing blockchain security findings.
| name | solodit |
| description | Search 50,000+ smart contract vulnerabilities from Cyfrin Solodit. 8 MCP tools with intelligent caching for searching, filtering, and analyzing blockchain security findings. |
| mcp | [{"name":"solodit-api","command":"npx","args":["-y","BowTiedSwan/solodit-api-skill"],"env":{"CYFRIN_API_KEY":"${CYFRIN_API_KEY}"}}] |
Search and retrieve smart contract security vulnerabilities from Cyfrin Solodit - the world's largest database of blockchain security findings.
Solodit aggregates 50,000+ security findings from top audit firms including Cyfrin, Sherlock, Code4rena, Trail of Bits, OpenZeppelin, and more. This skill provides 8 MCP tools with intelligent caching:
export CYFRIN_API_KEY="sk_your_api_key_here"
Add to your shell profile (~/.bashrc, ~/.zshrc) for persistence.
Search and filter security findings from the Solodit database.
Parameters:
| Parameter | Type | Description |
|---|---|---|
keywords | string | Search terms (e.g., "reentrancy", "oracle manipulation") |
impact | string[] | Severity filter: ["HIGH"], ["HIGH", "MEDIUM"], etc. |
audit_firms | string[] | Filter by auditor: ["Cyfrin", "Sherlock"] |
tags | string[] | Vulnerability tags: ["Reentrancy", "Oracle", "Access Control"] |
protocol_categories | string[] | Protocol types: ["DeFi", "NFT", "Lending"] |
languages | string[] | Programming language: ["Solidity", "Rust", "Cairo"] |
protocol | string | Protocol name (partial match) |
min_quality | number | Minimum quality score (1-5) |
sort | string | Sort by: "recency", "quality", "rarity" |
page | number | Page number (default: 1) |
page_size | number | Results per page (max: 100, default: 20) |
Retrieve a specific vulnerability by its ID or slug.
Parameters:
| Parameter | Type | Description |
|---|---|---|
id | string | Finding ID (numeric) or slug (URL-friendly identifier) |
verbose | boolean | Include full content and summary (default: true) |
List all available audit firms in the database. Cached for 24 hours.
Parameters:
| Parameter | Type | Description |
|---|---|---|
refresh | boolean | Force refresh the cached list (default: false) |
List all available vulnerability tags. Cached for 24 hours.
Parameters:
| Parameter | Type | Description |
|---|---|---|
refresh | boolean | Force refresh the cached list (default: false) |
List all protocol categories (DeFi, NFT, Lending, DEX, Bridge, etc.).
List all supported programming languages (Solidity, Rust, Cairo, Vyper, Move, Huff, Fe, Ink!).
Get database statistics including total findings, cache status, and rate limit info.
Clear cached data to fetch fresh results.
Parameters:
| Parameter | Type | Description |
|---|---|---|
type | string | Cache type: "all", "search", "findings", "metadata" |
The MCP server implements intelligent caching to reduce API calls:
| Cache Type | TTL | Purpose |
|---|---|---|
| Search Results | 5 minutes | Recent search queries |
| Individual Findings | 1 hour | Findings by ID/slug |
| Metadata | 24 hours | Audit firms, tags lists |
For environments without MCP support, use curl directly:
curl -X POST https://solodit.cyfrin.io/api/v1/solodit/findings \
-H "Content-Type: application/json" \
-H "X-Cyfrin-API-Key: $CYFRIN_API_KEY" \
-d '{
"page": 1,
"pageSize": 20
}'
curl -X POST https://solodit.cyfrin.io/api/v1/solodit/findings \
-H "Content-Type: application/json" \
-H "X-Cyfrin-API-Key: $CYFRIN_API_KEY" \
-d '{
"page": 1,
"pageSize": 20,
"filters": {
"keywords": "reentrancy",
"impact": ["HIGH", "MEDIUM"],
"sortField": "Quality",
"sortDirection": "Desc"
}
}'
curl -X POST https://solodit.cyfrin.io/api/v1/solodit/findings \
-H "Content-Type: application/json" \
-H "X-Cyfrin-API-Key: $CYFRIN_API_KEY" \
-d '{
"page": 1,
"pageSize": 20,
"filters": {
"firms": [{"value": "Cyfrin"}, {"value": "Sherlock"}],
"impact": ["HIGH"]
}
}'
Search for all HIGH severity findings in lending protocols from the last 90 days, sorted by quality score
Find oracle manipulation vulnerabilities in DeFi protocols with quality score 4 or higher
Search for flash loan attack examples with tag "Flash Loan" sorted by rarity
List all audit firms available in the database
Get database statistics
X-RateLimit-Remaining in responses