MCP vs REST for DeFi treasury automation

Why MCP tool schemas beat ad-hoc HTTP for LLM agents integrating DeFi treasuries. Comparison table, custody axis, and Forge production tool catalogue.

Last updated: May 25, 2026 · Published 2026-05-25

DeFi treasury automation for AI agents can integrate via REST/GraphQL APIs or via the Model Context Protocol (MCP). REST dominated the last decade of fintech — OpenAPI specs, JWT sessions, rate limits. MCP emerged for LLM runtimes where tool schemas are first-class: Cursor, Claude Desktop, and custom agent frameworks discover capabilities without memorising URL paths. Forge Treasury ships MCP-native vault tools at mcp.forgetreasury.com/mcp; the marketing site exposes REST-like subgraph reads on Stats. This article explains when each layer fits, why tool schemas beat ad-hoc HTTP for agents, and how calldata-only MCP differs from custodial REST yield APIs. Read Risks & Disclosures — Forge contracts are unaudited; yield is variable.

The agent integration problem REST solves poorly

Traditional treasury APIs assume a human operator and a fixed frontend. An autonomous agent needs: discoverable capabilities, typed parameters, composable chains ("balance → simulate → approve → deposit"), and explicit non-custodial boundaries. REST endpoints scattered across `/vault`, `/deposit`, `/apy` force prompt authors to embed route catalogues that drift. MCP registers tools with JSON Schema — the client renders them in tool pickers and validates inputs before the model hallucinates a POST body.

• Discovery: MCP lists tools at connect time; REST needs external OpenAPI docs.
• Validation: Zod/JSON Schema on MCP inputs; REST returns 400 after bad requests burn agent turns.
• Composition: Multiple MCP servers (Forge + wallet + explorer) chain in one agent session.
• Versioning: Tool descriptions embed deprecation notes; REST versioning is ad hoc.

MCP vs REST — comparison table

Why tool schemas beat ad-hoc HTTP for LLM agents

Large language models are unreliable HTTP clients. They invent paths, omit required fields, and misencode addresses. MCP pushes validation to the protocol boundary: `deposit` requires `amount`, `agentAddress`, optional `profile` enum — invalid profiles return `STRATEGY_NOT_LIVE` instead of silent wrong-vault deposits. Tool descriptions carry product canon ("Conservative → Core vault only") so the model reads constraints every invocation. REST can achieve similar with strict OpenAPI + server validation, but agent frameworks do not ingest OpenAPI as natively as MCP tools.

Example: Forge `list_profiles` returns vault addresses, strategy weights, and timelock flags — one tool call replaces three REST round trips an agent might skip. `get_vault_stats` bundles TVL, share price, and adapter metadata for Core. Agents building user-facing copy should still link Risks & Disclosures — MCP tools are plumbing, not investment advice.

Where REST still belongs in Forge stack

• Stats page — subgraph GraphQL for human-readable TVL charts (Stats).
• Health endpoint — `GET https://mcp.forgetreasury.com/health` for uptime monitors (not MCP protocol).
• Subgraph indexing — historical deposits/withdraws for analytics agents that ingest GraphQL directly.
• Basescan / RPC — raw eth_call for dispute resolution when MCP and subgraph disagree.

Hybrid architectures are normal: MCP for write path calldata generation, GraphQL for read path history, RPC for authoritative on-chain state. Agents should not treat Stats APY displays as guaranteed — they mirror illustrative MCP targets.

REST yield APIs vs Forge MCP — custody axis

Forge MCP on production never holds USDC or private keys. Compare base-yield-agent — MCP surface with custodial Privy backend. The protocol choice (MCP vs REST) is orthogonal to custody; always read tool responses for `calldata` vs `signedTransaction` fields.

Forge MCP tool catalogue (production)

• `deposit` — build Core vault deposit calldata (Conservative MVP).
• `withdraw` — ERC-4626 redeem calldata.
• `simulate_deposit` — illustrative economics before broadcast.
• `get_current_apy` — target/illustrative blends — not guaranteed yield.
• `get_vault_stats` — share price, adapters, chain metadata.
• `get_balance` — fUSDC share balance for an address.
• `list_profiles` — vault vs strategy mapping and live flags.
• `get_forge_rewards` / `claim_forge` — separate emission path.

Implementing MCP in your agent stack

1. Add Forge MCP URL to Cursor/Claude config (Docs deeplink).
2. On session start, enumerate tools — cache names, not stale vault addresses.
3. Implement policy: always `simulate_deposit` before `deposit` for new amounts.
4. Use wallet MCP or viem for USDC `approve` — MCP does not return approve calldata today.
5. Verify chain ID 8453, USDC `0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913`, Core vault address from tool output.
6. Monitor `mcp.forgetreasury.com/health`; fall back to direct contract calls if MCP down.

When to skip MCP and use REST/RPC directly

Non-LLM services (cron jobs, Go backends) may prefer viem + ABIs over MCP HTTP — no model in the loop. High-frequency trading bots should not round-trip through MCP latency. Compliance pipelines that require custodial audit logs may need REST from a qualified custodian — Forge does not offer that. MCP wins when an LLM selects tools and human-readable schema descriptions reduce operational errors.

Security and versioning

• Pin MCP endpoint URL; beware phishing clones.
• Treat tool metadata `asOf` timestamps as freshness signals.
• After timelock adapter changes, refresh `get_vault_stats` — do not cache forever.
• Unaudited contracts — MCP convenience does not reduce smart-contract risk (Risks).
• Separate USDC yield from FORGE emissions in agent reporting (guide).

REST authentication patterns agents must not confuse with MCP

Many REST yield APIs use API keys, OAuth, or session cookies tied to a custodial account. Agents embedding those keys in prompts or server env vars create a second custody layer — the API operator can move funds even if the agent "signs" via their API. Forge MCP production uses no deposit API key: authentication is your wallet signature on calldata the tool returns. When evaluating any treasury REST integration, ask: does this endpoint return calldata or execute on my behalf? If execute, you are not on the same non-custodial axis as Forge Option A.

Future: MCP resources and prompts

The MCP specification defines resources and prompts alongside tools. Forge may expose vault ABIs, adapter manifests, and risk disclaimers as MCP resources — reducing web fetches in agent context. REST OpenAPI could mirror the same data for non-MCP clients. Phase 2 multi-vault deposits will extend tool outputs with calldata arrays; REST consumers would need parallel schema bumps.