API Documentation
Complete API reference for integrating DeFiGuard AI into your applications
Quick Start
DeFiGuard AI provides RESTful APIs for analyzing smart contracts, recording audits on-chain, and minting certification badges. All endpoints require JSON payloads and return JSON responses.
Base URL:
https://your-domain.com/api
MCP Architecture: How It Works
Understanding the Model Context Protocol integration that powers DeFiGuard AI
What is MCP Architecture?
DeFiGuard AI uses Model Context Protocol (MCP) to enhance AI analysis with specialized data sources. When you submit a contract for analysis, three MCP servers work in parallel to provide comprehensive security insights.
1. SlitherMCP Server
Performs static code analysis on your Solidity contract:
- Detects known vulnerability patterns (reentrancy, overflow, access control)
- Analyzes code structure and identifies security weaknesses
- Provides line-by-line vulnerability mapping with severity levels
- Identifies gas optimization opportunities
2. BlockchainMCP Server
Fetches on-chain data when a contract address is provided:
- Retrieves contract verification status from blockchain explorers
- Fetches transaction history and interaction patterns
- Analyzes token holder distribution and contract usage
- Validates contract behavior in production environment
3. DeFiDataMCP Server
Correlates contract patterns with historical exploits:
- Matches vulnerabilities to real-world hacks (DAO Hack 2016, Parity Wallet, etc.)
- Provides exploit scenarios based on similar compromised contracts
- Enhances AI understanding with DeFi protocol security data
- Offers historical context for vulnerability assessment
How MCP Enhances AI Analysis
Step 1: All three MCP servers execute in parallel, collecting static analysis, on-chain data, and historical exploit information.
Step 2: The collected data is aggregated into a rich context that includes vulnerability patterns, real-world usage, and historical correlations.
Step 3: This enriched context is injected into the Gemini AI prompt, providing the model with multi-dimensional understanding beyond simple code review.
Step 4: Gemini AI generates comprehensive vulnerability reports that combine code analysis, real-world validation, and historical knowledge.
Benefits
/api/analyze
Analyze a smart contract for security vulnerabilities using Gemini AI + MCP Architecture
Parameters
- code (string)
- contractAddress (string): Contract address (optional)
Response
{
  "success": true,
  "data": {
    "riskScore": "number",
    "vulnerabilities": "array",
    "recommendations": "array",
    "overallAssessment": "string"
  },
  "modelUsed": "string"
}
Example
// Analyze a smart contract
// contractSourceCode is a string holding the Solidity source to analyze
const response = await fetch('/api/analyze', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    code: contractSourceCode,
    contractAddress: '0x...' // Optional
  })
});
const result = await response.json();
// Returns: { success: true, data: VulnerabilityAnalysis, modelUsed: string }
/api/record-audit
Record an audit result on-chain to the AuditRegistry contract
Parameters
- contractAddress (string)
- riskScore (number)
- reportHash (string)
Response
{
  "success": true,
  "transactionHash": "string"
}
Example
/api/mint-badge
Mint an NFT certification badge for contracts with risk score < 40
Parameters
- contractAddress (string)
- riskScore (number)
Response
{
  "success": true,
  "tokenId": "string",
  "transactionHash": "string"
}
Example
Error Handling
All API endpoints return standard HTTP status codes. Errors are returned in the following format:
{
  "success": false,
  "error": "Error message describing what went wrong",
  "details": { /* Additional error details in development */ }
}
Rate Limiting
API requests are rate-limited to prevent abuse. Current limits:
- Analyze endpoint: 10 requests per minute per IP
- Record audit endpoint: 5 requests per minute per wallet
- Mint badge endpoint: 3 requests per minute per wallet
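A client-side wrapper that ties the pieces above together, as an added example and not DeFiGuard AI's own code: it paces requests to the documented per-minute limits, treats any body without "success": true as a failure regardless of HTTP status, and only calls /api/mint-badge when the returned risk score is below 40. The function names, the injectable fetchFn and clock, and the per-process limiter are assumptions made for illustration; the server's own limits (per IP and per wallet) remain authoritative.

```javascript
// Added example: hypothetical client helpers for the documented endpoints.
const LIMITS = { '/api/analyze': 10, '/api/record-audit': 5, '/api/mint-badge': 3 };
const WINDOW_MS = 60000;

// Sliding-window limiter. `now` is injectable so the logic can be checked offline.
function createLimiter(now = Date.now) {
  const sent = {};
  return function waitTime(path) {
    const times = (sent[path] = (sent[path] || []).filter(t => now() - t < WINDOW_MS));
    if (times.length < LIMITS[path]) { times.push(now()); return 0; }
    return WINDOW_MS - (now() - times[0]); // ms until the oldest request ages out
  };
}

// Accept a response only if it matches the documented success envelope.
function unwrap(status, body) {
  if (status >= 200 && status < 300 && body && body.success === true) return body;
  const msg = body && typeof body.error === 'string' ? body.error : `HTTP ${status}`;
  // `details` is documented as development-only; keep it off user-facing output.
  throw Object.assign(new Error(msg), { status, details: body && body.details });
}

// Badge threshold from the docs: risk score strictly below 40.
function badgeEligible(riskScore) {
  return typeof riskScore === 'number' && Number.isFinite(riskScore) && riskScore < 40;
}

async function call(path, payload, { fetchFn = fetch, waitTime, baseUrl = '' }) {
  const wait = waitTime(path);
  if (wait > 0) throw new Error(`rate limit: retry in ${wait} ms`);
  const res = await fetchFn(baseUrl + path, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(payload),
  });
  // A non-JSON body (proxy error page, empty reply) is handled as a failure.
  return unwrap(res.status, await res.json().catch(() => null));
}

// Analyze first; request a badge only when the score qualifies.
async function analyzeAndMaybeMint(code, contractAddress, opts) {
  const analysis = await call('/api/analyze', { code, contractAddress }, opts);
  const { riskScore } = analysis.data;
  if (!badgeEligible(riskScore)) return { analysis, badge: null };
  const badge = await call('/api/mint-badge', { contractAddress, riskScore }, opts);
  return { analysis, badge };
}
```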