szhygulin/recon-crypto-mcp

v0.4.1 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 4 known CVEs

Topics

aave ai-agent arbitrum claude claude-code compound

+13 more

crypto cursor defi ethereum ledger lifi mcp mcp-server model-context-protocol polygon solana uniswap walletconnect

Affected surfaces

auth deps

Summary

AI summary

TRON rawDataHex verification before signing closes a MITM attack window.

Full changelog

Security patch release. No API changes, no breaking behaviour.

Security fixes

TRON rawDataHex verification before signing. Every TronGrid builder now decodes the returned Transaction.raw protobuf and asserts the inner contract matches caller intent (owner/to/amount/contract/calldata/vote_count/resource/fee_limit) byte-for-byte before issuing a signing handle. Closes the MITM window where a compromised TronGrid response could swap destination or amount between the JSON preview shown to the user and the hex the Ledger actually signs.
Feedback issue titles neutralize @-mentions. GitHub parses @-mentions in issue titles, not just bodies; prompt-injected summaries could have pinged arbitrary users when an issue was opened.
RPC config errors redact URLs. Configured RPC URLs commonly embed a provider API key in the path; RpcConfigError no longer interpolates the URL into its message, so malformed URLs can't leak keys into logs/stderr.
vitest ^2.1.0 → ^4.1.4. Pulls a vite/esbuild chain that resolves GHSA-67mh-4wv8-2f99 (dev-only). 341/341 tests pass unchanged on the new major. npm audit → 0 vulnerabilities.

Socket.dev supply-chain triage

Triaged but not actionable in our deployment:

[email protected] ReDoS (via @walletconnect/keyvaluestorage → unstorage → anymatch) — glob patterns are WC-internal storage keys, never user-controlled. picomatch@4 is ESM-only and breaks anymatch@3's CJS usage.
@0no-co/graphqlsp / @gql.tada/cli-utils — dev-only GraphQL LSP + CLI transitively via @lifi/sdk → @mysten/sui, never invoked at runtime.
node-mock-http / parseurl "typosquat" flags — false positives on legitimate UnJS / jshttp packages.

See PR #30 for full technical detail.

Verification

npx vitest run — 341/341 pass
npx tsc --noEmit — clean
npm audit — 0 vulnerabilities

Install

npm install [email protected]

Also published to the MCP Registry as io.github.szhygulin/[email protected].

Security Fixes

TRON rawDataHex verification before signing — closes MITM window where compromised TronGrid response could alter destination or amount (no CVE ID provided).
Feedback issue titles neutralize @-mentions in GitHub, preventing unintended user pings.
RPC config errors redact URLs, avoiding API key leakage in logs/stderr.
dep: GHSA-67mh-4wv8-2f99 fixed by upgrading vitest from ^2.1.0 to ^4.1.4 (dev‑only).

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track szhygulin/recon-crypto-mcp

Get notified when new releases ship.

About szhygulin/recon-crypto-mcp

Self-custodial crypto portfolio for AI agents. Reads EVM wallet balances, ENS, token prices, and DeFi positions across Ethereum/Arbitrum/Polygon/Base (Aave V3, Compound V3, Morpho Blue, Uniswap V3 LP, Lido, EigenLayer), surfaces health-factor alerts and protocol risk scores, then prepares unsigned transactions (supply, borrow, repay, withdraw, stake, send, LiFi swap/bridge) signed on Ledger via WalletConnect — private keys never leave the hardware wallet.

All releases →