v0.2.0 · live
CAPFRAME
← leaderboard/rank #46
§ serverhttpfindings.v2

OpenZeppelin Stylus Contracts MCP

https://mcp.openzeppelin.com/contracts/stylus/mcp

Score
B94
Findings
3
Tools
3
Last scan
2026-06-05

Severity breakdown

Critical0
High0
Medium3
Low0
Info0

Worst finding

Tool `stylus-erc20` accepts unconstrained string input

· stylus-erc20

The following string parameter(s) have no `maxLength` constraint: `name`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

All 3 findings

  1. medium
    Tool `stylus-erc20` accepts unconstrained string input· stylus-erc20unconstrained input

    The following string parameter(s) have no `maxLength` constraint: `name`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

  2. medium
    Tool `stylus-erc721` accepts unconstrained string input· stylus-erc721unconstrained input

    The following string parameter(s) have no `maxLength` constraint: `name`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

  3. medium
    Tool `stylus-erc1155` accepts unconstrained string input· stylus-erc1155unconstrained input

    The following string parameter(s) have no `maxLength` constraint: `name`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

How this was scored

Source http live HTTP MCP endpoint, classified against every rule. Findings are emitted by the public capframe.findings.v1 schema. Score = 100 − (10·Critical + 4·High + 2·Medium + 1·Low), clamped to [0, 100].

Disagree with a finding? Open an issue.