SlideShare ist ein Scribd-Unternehmen logo

Advanced NEO Smart Contracts Workshop

Switcheo
Switcheo

This document provides an overview of advanced NEO smart contracts. It begins with an agenda for the workshop and questions about transaction experience. It then discusses how NEO verifies transactions using witness scripts and unspent outputs. Details are given on transaction structure, types, and attributes. Best practices are outlined around constraining invocation scripts, guarding dynamic invokes, prefixing storage keys, validating inputs, and protecting users. The presentation encourages following Switcheo for an upcoming API development competition.

Technologie
1 von 29
Advanced NEO Smart Contracts Presented by: #SwitchtoSwitcheo
Ivan Poon Co-Founder, CEO Switcheo Network Speaker Info ivan.poon@switcheo.network
#SwitchtoSwitcheo Some Questions First! 1. Has anyone read Satoshi’s whitepaper? 2. Does anyone have experience with Ethereum 
 smart contract development?
#SwitchtoSwitcheo Workshop Agenda 1. How Does NEO Verify Transactions? 2. How To Make Withdrawals From A Smart Contract? 3. NEO Smart Contracts Best Practices 4. Questions and Answers (Q&A) 5. Demo (If there is time)
#SwitchtoSwitcheo Presentation Materials https://bit.ly/2tSoHDC
#SwitchtoSwitcheo How Does NEO Verify Transactions? CheckWitness(t_from) What is “witness”? And are we actually “checking” for here? https://github.com/kentarohorie/simple-neo-token-sample/blob/1a38e50/yourcoin/nep5.py#L58 To find out, we need to understand: • NEO’s transaction structure, and • “unspent outputs” or “UTXOs” (this type of model is inherited from Bitcoin) Recall this code from the lecture in the Transfer operation:
#SwitchtoSwitcheo NEO Transaction Structure https://github.com/CityOfZion/neon-js/blob/e5b63db/src/ transactions/core.js#L79 f9592fc8a8fbc6be23963983f28179dcb341219b a12431d0b9db640034b0cdfceef9cce161e62be4 560827208eed0ec04254f523cd5373ec1b394683 6e3382c4c4a69a3a62b489a456b327b5d301bea6 8888888721e49496726d4bf1c32876c0b41cd01f https://github.com/neo-project/neo/blob/ 23bbe9b/neo/Core/Transaction.cs#L18 JSON Byte Code { “type”: …, “version”: …, “attributes”: […], “inputs”: […], “outputs”: […], “scripts”: […], “script”: …, }
#SwitchtoSwitcheo NEO Transaction Types You can find the full list of transaction “types”: https://github.com/neo-project/neo/blob/master/neo/Core/TransactionType.cs ContractTransaction Normal NEO & GAS transfers InvocationTransaction Invokes some operations in the NEO VM using the given script 2 Most Common Types:
#SwitchtoSwitcheo NEO Transaction Attributes Full list of transaction attribute types or “usages” here: https://github.com/neo-project/docs/blob/master/en-us/sc/reference/fw/dotnet/neo/TransactionAttribute/Usage.md General Usages Specific Usages • Doesn’t change transaction execution • For general uses like logging transaction purpose as a record, or adding data for deployed smart contracts to read from • e.g.: Data “Hash”, or “Remarks” • Causes transaction to be verified or executed differently • e.g: “Additional Witness” or “Script” (0x20), etc. • Will look at one, read docs for info on the others
#SwitchtoSwitcheo NEO Inputs & Outputs { inputs: [{ txid: “0xa…”, index: 0, address: A, amount: 5, }, { txid: “0xb…”, index: 0, address: B, amount: 7, }], outputs: [{ address: C, 
 amount: 12 }],
 attributes: [{ usage: 0x20, // Script data: <addr D>], } Transaction
 must be 
 witnessed by A+B+D Address A +5 Address B +7 Address C 12 https://bitcoin.org/en/developer-guide#block-chain
#SwitchtoSwitcheo { scripts: [{ invocation: <addressA_Signature>, verification: <addressA_VerificationScript> }, invocation: <addressB_Signature>, verification: <addressB_VerificationScript> }, invocation: <addressD_Signature>, verification: <addressD_VerificationScript> }, ], } NEO Witness Scripts 0x … … … … … … ECDSA Signature 0x … … … … Public Key 0xac Check Signature 64 bytes long 33 bytes long Invocation: https://github.com/CityOfZion/neon-js/blob/4634e74/src/wallet/core.js#L84 Verification: https://github.com/CityOfZion/neon-js/blob/4634e74/src/transactions/core.js#L150 Witness Scripts for a standard “wallet contract” 0x40 Push 40 Bytes invocation 0x21 Push 33 Bytesverification
#SwitchtoSwitcheo NEO Script • This is only for transactions of Invocation type. • The script is directly executed by the VM • So it is actually just a series of opcodes and data { …, “script”:“020bf1920…”, … }
#SwitchtoSwitcheo OpCode Hex Explanation PUSH20 0x20 Pushes the next 20 bytes onto the stack <from> 0x11fg876d.. Push the “from” address for an NEP-5 transfer operation PUSH3 0x53 Pushes the number ‘3' onto the stack 0x11fg876d.. 0x225ab73.. 0x3356765.. 3 … … … … … … … … … … … … PACK 0xC1 Pops N from stack and combines the next N items into an array PUSHBYTES8 0x08 Pushes the next 8 bytes onto the stack “transfer” 0x7472616e73666572 the operation string as bytes in this case it is the “transfer” operation for NEP-5 APPCALL 0x67 Reads the next 20 bytes and invokes the corresponding deployed contract with Application Trigger. <scriptHash> 0xa12cde… The hash of the deployed smart contract to invoke So transaction will have: { …, “script”:“020bf1920…” } 0x11 0x22 0x3 0x7472616.. Stack https://github.com/neo-project/neo-vm/blob/master/src/neo-vm/OpCode.cs Script example for a standard entrypoint: Main(string operation, params object[] args) NEO Script
#SwitchtoSwitcheo Verification of Smart Contracts Verify([mempool]) VerifyScripts(IVerifiable) GetScriptHashesForVerifying() https://github.com/neo-project/neo/blob/ 23bbe9b/neo/Core/Transaction.cs#L330 https://github.com/neo-project/neo/blob/ 23bbe9b/neo/Core/Helper.cs#L46 https://github.com/neo-project/neo/blob/ 23bbe9b/neo/Core/Transaction.cs#L227 Check Double Spend, etc.. Get hashes that must match Verification Scripts (found in “scripts”) Get hashes of inputs Add data (hash) in transaction attribute 0x20 (usage “Script” a.k.a. “Additional Witness”)
 
 This is useful if you want to ensure Verification runs on a deployed contract, but are not using inputs from a smart contract Hashes each VerificationScript and compares hashes in order. Fails if any missing or does not match. Executes Invocation Script + Verification Script. Fails if hash mismatch, or does not return true Pass!
#SwitchtoSwitcheo Verification of Smart Contracts https://github.com/neo-project/neo/blob/23bbe9b/neo/Core/Helper.cs#L61 How to run custom verification on deployed contracts? Write custom verification logic in Trigger User can leave VerificationScript empty if deployed 
 contract needs to be a witness
#SwitchtoSwitcheo Dangers of Sending from Custom Smart Contracts Jack’s Available Balance: 5 NEO Jack’s Transaction A 5 NEO To Jack *State cannot be changed during verification 5 NEO To Jack Jack’s Transaction B 5 NEO To Jack Jack’s Transaction C 5 NEO To Jack Jack’s Transaction D > Change 
 Jack’s Balance 0 - 5 = ??? > Change 
 Jack’s Balance 5 - 5 = 0 NEO VERIFICATION APPLICATION
#SwitchtoSwitcheo VERIFICATION APPLICATION *State cannot be changed during verification 5 NEO Jack’s Transaction A 5 NEO Jack’s Transaction B 5 NEO Jack’s Transaction C 5 NEO Jack’s Transaction D Jack’s Available Balance: 5 NEO > Not enough balance, do nothing > Check & Change Jack’s Balance 0 NEO < 5 NEO > Reserve Output to Jack > Check & Change 
 Jack’s Balance 5 - 5 = 0 NEO Dangers of Sending from Custom Smart Contracts
Jack’s Transaction A > Cleanup 2 VERIFICATION APPLICATION #SwitchtoSwitcheo Jack’s Transaction A 1 5 NEO 5 NEO To Jack > Reserve Output to Jack > Check & Change 
 Jack’s Balance 5 - 5 = 0 NEO VERIFICATION APPLICATION Dangers of Sending from Custom Smart Contracts
#SwitchtoSwitcheo Examples for Sending from Custom Smart Contracts Some example implementations and references: Switcheo Exchange (live): https://github.com/ConjurTech/switcheo/blob/v2/switcheo/BrokerContract.cs NeoResearch (prototype): https://github.com/NeoResearch/nep-distributed-payments/blob/master/workingPrototype.cs Neon Exchange (whitepaper): https://neonexchange.org/pdfs/whitepaper_v1.pdf
#SwitchtoSwitcheo Dangers Of Using Verification Trigger Witness can be used in other contracts! Withdrawing NEO! Runtime.CheckWitness(MyContractScriptHash) will be true. So “transfer” from “My Contract” to ANYONE will also pass! My Contract RPX Token *My Contract has 1000 RPX tokens *Transaction’s script is an “AppCall" to “RPX Token" instead of “My Contract”! Withdrawal checks pass 
 so contract returns true VERIFICATION APPLICATION
#SwitchtoSwitcheo Best Practices - Constrain Invocation Script *My Contract has 1000 RPX tokensVERIFICATION https://github.com/ConjurTech/switcheo/blob/v2/switcheo/BrokerContract.cs#L198
Best Practices - Guard When Doing Dynamic Invoke My Contract ATK Token RPX Token 1000 RPX 100 ATK transfer transfer fr: SC to: A amt: 100 ATK fr: SC to: A amt: 1000 RPX Attacker withdraw fr: SC to: A amt: 100 ATK https://github.com/neo-project/proposals/pull/44/files#diff-e5a1452ea0de8fa24b9c328151e94affR90 NEP-5
#SwitchtoSwitcheo Best Practices - Prefix All Storage Keys https://github.com/kentarohorie/simple-neo-token-sample/blob/1a38e50/yourcoin/nep5.py#L151 -> When t_spender is an empty byte array, approval_key is 
 the same format as balanceOf key! https://github.com/kentarohorie/simple-neo-token-sample/blob/1a38e50/yourcoin/nep5.py#L29 ->> Value of balance can be changed wrongly!
#SwitchtoSwitcheo Best Practices - Prefix All Storage Keys https://github.com/ConjurTech/switcheo/blob/v2/switcheo/BrokerContract.cs Storage keys should be prefixed by unique, non-overlapping bytes 
 for different types of data
#SwitchtoSwitcheo Best Practices - Validate All User Inputs Validate ALL inputs from users, and constrain them to the minimum set of formats • Length of both t_owner and t_spender should be constrained to 20 as 
 addresses are 20 bytes long • Reduce flows and set of inputs to test or check against • Acts as additional guard against accidental “key collision”
#SwitchtoSwitcheo Best Practices - Protect Users Whenever Possible Don’t assume honest clients will always send in valid inputs! • Don’t let user lose assets or “burn” tokens accidentally through malformed script 
 or transaction • Never ignore receiving of system assets if possible, in case of accidental sends • Always handle received system assets by moving to an internal user balance and let users withdraw it later • When encountering invalid state or input during smart contract execution, revert whole script by throwing Exceptions, see link
The First NEO-based DEX
#SwitchtoSwitcheo V2 Launch - API Development Competition Switcheo is holding an API Development Contest for our upcoming V2 launch! Prizes include: 1,000,000 SWTH Tokens, 
 Customised Switcheo Ledger Nano S’s,
 and various Switcheo Merch! Follow us for more details!
Thank You Switcheo.Network Contact@Switcheo.Network Come Talk To Us! https://t.me/switcheo @switcheonetwork

Empfohlen

Chromium Sandbox on Linux (NDC Security 2019)
Chromium Sandbox on Linux (NDC Security 2019)Chromium Sandbox on Linux (NDC Security 2019)
Chromium Sandbox on Linux (NDC Security 2019)Patricia Aas
 
Bitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestBitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestAlberto Gomez Toribio
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Patricia Aas
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
mimikatz @ rmll
mimikatz @ rmllmimikatz @ rmll
mimikatz @ rmllBenjamin Delpy
 
Bitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersBitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersParadigma Digital
 
Formation ssh
Formation sshFormation ssh
Formation sshNicolas Ledez
 
Code Vulnerabilities & Attacks
Code Vulnerabilities & AttacksCode Vulnerabilities & Attacks
Code Vulnerabilities & AttacksMarcus Botacin
 

Empfohlen

Chromium Sandbox on Linux (NDC Security 2019)
Chromium Sandbox on Linux (NDC Security 2019)Chromium Sandbox on Linux (NDC Security 2019)
Chromium Sandbox on Linux (NDC Security 2019)Patricia Aas
 
Bitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestBitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestAlberto Gomez Toribio
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Patricia Aas
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
mimikatz @ rmll
mimikatz @ rmllmimikatz @ rmll
mimikatz @ rmllBenjamin Delpy
 
Bitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersBitcoin protocol for developerBitcoin Protocol for Developers
Bitcoin protocol for developerBitcoin Protocol for DevelopersParadigma Digital
 
Formation ssh
Formation sshFormation ssh
Formation sshNicolas Ledez
 
Code Vulnerabilities & Attacks
Code Vulnerabilities & AttacksCode Vulnerabilities & Attacks
Code Vulnerabilities & AttacksMarcus Botacin
 
introduction to jsrsasign
introduction to jsrsasignintroduction to jsrsasign
introduction to jsrsasignKenji Urushima
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...CODE BLUE
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychainAlexey Troshichev
 
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...CODE BLUE
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatzBenjamin Delpy
 
Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++corehard_by
 
[COSCUP 2021] A trip about how I contribute to LLVM
[COSCUP 2021] A trip about how I contribute to LLVM[COSCUP 2021] A trip about how I contribute to LLVM
[COSCUP 2021] A trip about how I contribute to LLVMDouglas Chen
 
[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan
[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan
[CB20] DeClang: Anti-hacking compiler by Mengyuan WanCODE BLUE
 
Build your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationBuild your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationAnthony Chow
 
C++17 now
C++17 nowC++17 now
C++17 nowcorehard_by
 
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowWilliam Lee
 
Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Michal Balinski
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes Adnan Rashid
 
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...sonjeku1
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
The Ring programming language version 1.8 book - Part 91 of 202
The Ring programming language version 1.8 book - Part 91 of 202The Ring programming language version 1.8 book - Part 91 of 202
The Ring programming language version 1.8 book - Part 91 of 202Mahmoud Samir Fayed
 
Malleability and SegWit
Malleability and SegWitMalleability and SegWit
Malleability and SegWitPandora Boxchain
 
OpenZeppelin + Remix + BNB smart chain
OpenZeppelin + Remix + BNB smart chainOpenZeppelin + Remix + BNB smart chain
OpenZeppelin + Remix + BNB smart chainGene Leybzon
 
Presentation_Topalidis_Giorgos
Presentation_Topalidis_GiorgosPresentation_Topalidis_Giorgos
Presentation_Topalidis_GiorgosGiorgos Topalidis
 
Presentation topalidis giorgos
Presentation topalidis giorgosPresentation topalidis giorgos
Presentation topalidis giorgosGiorgos Topalidis
 
支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒Toki Kanno
 
Blockchain technology-in-fin tech - Anton Sitnikov
Blockchain technology-in-fin tech - Anton SitnikovBlockchain technology-in-fin tech - Anton Sitnikov
Blockchain technology-in-fin tech - Anton SitnikovDataFest Tbilisi
 

Weitere ähnliche Inhalte

Was ist angesagt?

introduction to jsrsasign
introduction to jsrsasignintroduction to jsrsasign
introduction to jsrsasignKenji Urushima
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...CODE BLUE
 
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...CODE BLUE
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatzBenjamin Delpy
 
Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++corehard_by
 
[COSCUP 2021] A trip about how I contribute to LLVM
[COSCUP 2021] A trip about how I contribute to LLVM[COSCUP 2021] A trip about how I contribute to LLVM
[COSCUP 2021] A trip about how I contribute to LLVMDouglas Chen
 
[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan
[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan
[CB20] DeClang: Anti-hacking compiler by Mengyuan WanCODE BLUE
 
Build your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationBuild your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationAnthony Chow
 
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowWilliam Lee
 
Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Michal Balinski
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes Adnan Rashid
 
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...sonjeku1
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
The Ring programming language version 1.8 book - Part 91 of 202
The Ring programming language version 1.8 book - Part 91 of 202The Ring programming language version 1.8 book - Part 91 of 202
The Ring programming language version 1.8 book - Part 91 of 202Mahmoud Samir Fayed
 

Was ist angesagt? (16)

introduction to jsrsasign
introduction to jsrsasignintroduction to jsrsasign
introduction to jsrsasign
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychain
 
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatz
 
Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++
 
[COSCUP 2021] A trip about how I contribute to LLVM
[COSCUP 2021] A trip about how I contribute to LLVM[COSCUP 2021] A trip about how I contribute to LLVM
[COSCUP 2021] A trip about how I contribute to LLVM
 
[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan
[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan
[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan
 
Build your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationBuild your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your application
 
C++17 now
C++17 nowC++17 now
C++17 now
 
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
 
Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Practical non blocking microservices in java 8
Practical non blocking microservices in java 8
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes
 
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
 
The Ring programming language version 1.8 book - Part 91 of 202
The Ring programming language version 1.8 book - Part 91 of 202The Ring programming language version 1.8 book - Part 91 of 202
The Ring programming language version 1.8 book - Part 91 of 202
 

Ähnlich wie Advanced NEO Smart Contracts Workshop

OpenZeppelin + Remix + BNB smart chain
OpenZeppelin + Remix + BNB smart chainOpenZeppelin + Remix + BNB smart chain
OpenZeppelin + Remix + BNB smart chainGene Leybzon
 
Presentation_Topalidis_Giorgos
Presentation_Topalidis_GiorgosPresentation_Topalidis_Giorgos
Presentation_Topalidis_GiorgosGiorgos Topalidis
 
Presentation topalidis giorgos
Presentation topalidis giorgosPresentation topalidis giorgos
Presentation topalidis giorgosGiorgos Topalidis
 
支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒Toki Kanno
 
Blockchain technology-in-fin tech - Anton Sitnikov
Blockchain technology-in-fin tech - Anton SitnikovBlockchain technology-in-fin tech - Anton Sitnikov
Blockchain technology-in-fin tech - Anton SitnikovDataFest Tbilisi
 
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...Dace Barone
 
Ethereum Blockchain and DApps - Workshop at Software University
Ethereum Blockchain and DApps - Workshop at Software UniversityEthereum Blockchain and DApps - Workshop at Software University
Ethereum Blockchain and DApps - Workshop at Software UniversityOpen Source University
 
WebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC applicationWebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC applicationDan Jenkins
 
A Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainA Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainAltoros
 
Lity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract LanguageLity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract Languagehydai
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
Etherem ~ agvm
Etherem ~ agvmEtherem ~ agvm
Etherem ~ agvmgha sshee
 
DEFI Notes 2022 01 15.pptx
DEFI Notes 2022 01 15.pptxDEFI Notes 2022 01 15.pptx
DEFI Notes 2022 01 15.pptxssuser00208b
 
Raconte-moi X.509 : anatomie d'une autorité de certification
Raconte-moi X.509 : anatomie d'une autorité de certificationRaconte-moi X.509 : anatomie d'une autorité de certification
Raconte-moi X.509 : anatomie d'une autorité de certificationJean-Christophe Sirot
 
Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1KlaraOrban
 
How to Build Your Own Blockchain
How to Build Your Own BlockchainHow to Build Your Own Blockchain
How to Build Your Own BlockchainLeonid Beder
 
4-ZeroLab_consensus-1908.pptx
4-ZeroLab_consensus-1908.pptx4-ZeroLab_consensus-1908.pptx
4-ZeroLab_consensus-1908.pptxClaudioTebaldi2
 
Bitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodBitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodGalin Dinkov
 
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency appDylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency appDevCamp Campinas
 

Ähnlich wie Advanced NEO Smart Contracts Workshop (20)

Malleability and SegWit
Malleability and SegWitMalleability and SegWit
Malleability and SegWit
 
OpenZeppelin + Remix + BNB smart chain
OpenZeppelin + Remix + BNB smart chainOpenZeppelin + Remix + BNB smart chain
OpenZeppelin + Remix + BNB smart chain
 
Presentation_Topalidis_Giorgos
Presentation_Topalidis_GiorgosPresentation_Topalidis_Giorgos
Presentation_Topalidis_Giorgos
 
Presentation topalidis giorgos
Presentation topalidis giorgosPresentation topalidis giorgos
Presentation topalidis giorgos
 
支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒支撐英雄聯盟戰績網的那條巨蟒
支撐英雄聯盟戰績網的那條巨蟒
 
Blockchain technology-in-fin tech - Anton Sitnikov
Blockchain technology-in-fin tech - Anton SitnikovBlockchain technology-in-fin tech - Anton Sitnikov
Blockchain technology-in-fin tech - Anton Sitnikov
 
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
“Technical Intro to Blockhain” by Yurijs Pimenovs from Paybis at CryptoCurren...
 
Ethereum Blockchain and DApps - Workshop at Software University
Ethereum Blockchain and DApps - Workshop at Software UniversityEthereum Blockchain and DApps - Workshop at Software University
Ethereum Blockchain and DApps - Workshop at Software University
 
WebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC applicationWebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC application
 
A Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a BlockchainA Zero-Knowledge Proof: Improving Privacy on a Blockchain
A Zero-Knowledge Proof: Improving Privacy on a Blockchain
 
Lity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract LanguageLity - 讓你更安全的 Smart Contract Language
Lity - 讓你更安全的 Smart Contract Language
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
Etherem ~ agvm
Etherem ~ agvmEtherem ~ agvm
Etherem ~ agvm
 
DEFI Notes 2022 01 15.pptx
DEFI Notes 2022 01 15.pptxDEFI Notes 2022 01 15.pptx
DEFI Notes 2022 01 15.pptx
 
Raconte-moi X.509 : anatomie d'une autorité de certification
Raconte-moi X.509 : anatomie d'une autorité de certificationRaconte-moi X.509 : anatomie d'une autorité de certification
Raconte-moi X.509 : anatomie d'une autorité de certification
 
Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1
 
How to Build Your Own Blockchain
How to Build Your Own BlockchainHow to Build Your Own Blockchain
How to Build Your Own Blockchain
 
4-ZeroLab_consensus-1908.pptx
4-ZeroLab_consensus-1908.pptx4-ZeroLab_consensus-1908.pptx
4-ZeroLab_consensus-1908.pptx
 
Bitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the HoodBitcoin Blockchain - Under the Hood
Bitcoin Blockchain - Under the Hood
 
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency appDylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
 

Kürzlich hochgeladen

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Kürzlich hochgeladen (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Advanced NEO Smart Contracts Workshop

  • 2. Ivan Poon Co-Founder, CEO Switcheo Network Speaker Info ivan.poon@switcheo.network
  • 3. #SwitchtoSwitcheo Some Questions First! 1. Has anyone read Satoshi’s whitepaper? 2. Does anyone have experience with Ethereum 
 smart contract development?
  • 4. #SwitchtoSwitcheo Workshop Agenda 1. How Does NEO Verify Transactions? 2. How To Make Withdrawals From A Smart Contract? 3. NEO Smart Contracts Best Practices 4. Questions and Answers (Q&A) 5. Demo (If there is time)
  • 6. #SwitchtoSwitcheo How Does NEO Verify Transactions? CheckWitness(t_from) What is “witness”? And are we actually “checking” for here? https://github.com/kentarohorie/simple-neo-token-sample/blob/1a38e50/yourcoin/nep5.py#L58 To find out, we need to understand: • NEO’s transaction structure, and • “unspent outputs” or “UTXOs” (this type of model is inherited from Bitcoin) Recall this code from the lecture in the Transfer operation:
  • 8. #SwitchtoSwitcheo NEO Transaction Types You can find the full list of transaction “types”: https://github.com/neo-project/neo/blob/master/neo/Core/TransactionType.cs ContractTransaction Normal NEO & GAS transfers InvocationTransaction Invokes some operations in the NEO VM using the given script 2 Most Common Types:
  • 9. #SwitchtoSwitcheo NEO Transaction Attributes Full list of transaction attribute types or “usages” here: https://github.com/neo-project/docs/blob/master/en-us/sc/reference/fw/dotnet/neo/TransactionAttribute/Usage.md General Usages Specific Usages • Doesn’t change transaction execution • For general uses like logging transaction purpose as a record, or adding data for deployed smart contracts to read from • e.g.: Data “Hash”, or “Remarks” • Causes transaction to be verified or executed differently • e.g: “Additional Witness” or “Script” (0x20), etc. • Will look at one, read docs for info on the others
  • 10. #SwitchtoSwitcheo NEO Inputs & Outputs { inputs: [{ txid: “0xa…”, index: 0, address: A, amount: 5, }, { txid: “0xb…”, index: 0, address: B, amount: 7, }], outputs: [{ address: C, 
 amount: 12 }],
 attributes: [{ usage: 0x20, // Script data: <addr D>], } Transaction
 must be 
 witnessed by A+B+D Address A +5 Address B +7 Address C 12 https://bitcoin.org/en/developer-guide#block-chain
  • 11. #SwitchtoSwitcheo { scripts: [{ invocation: <addressA_Signature>, verification: <addressA_VerificationScript> }, invocation: <addressB_Signature>, verification: <addressB_VerificationScript> }, invocation: <addressD_Signature>, verification: <addressD_VerificationScript> }, ], } NEO Witness Scripts 0x … … … … … … ECDSA Signature 0x … … … … Public Key 0xac Check Signature 64 bytes long 33 bytes long Invocation: https://github.com/CityOfZion/neon-js/blob/4634e74/src/wallet/core.js#L84 Verification: https://github.com/CityOfZion/neon-js/blob/4634e74/src/transactions/core.js#L150 Witness Scripts for a standard “wallet contract” 0x40 Push 40 Bytes invocation 0x21 Push 33 Bytesverification
  • 12. #SwitchtoSwitcheo NEO Script • This is only for transactions of Invocation type. • The script is directly executed by the VM • So it is actually just a series of opcodes and data { …, “script”:“020bf1920…”, … }
  • 13. #SwitchtoSwitcheo OpCode Hex Explanation PUSH20 0x20 Pushes the next 20 bytes onto the stack <from> 0x11fg876d.. Push the “from” address for an NEP-5 transfer operation PUSH3 0x53 Pushes the number ‘3' onto the stack 0x11fg876d.. 0x225ab73.. 0x3356765.. 3 … … … … … … … … … … … … PACK 0xC1 Pops N from stack and combines the next N items into an array PUSHBYTES8 0x08 Pushes the next 8 bytes onto the stack “transfer” 0x7472616e73666572 the operation string as bytes in this case it is the “transfer” operation for NEP-5 APPCALL 0x67 Reads the next 20 bytes and invokes the corresponding deployed contract with Application Trigger. <scriptHash> 0xa12cde… The hash of the deployed smart contract to invoke So transaction will have: { …, “script”:“020bf1920…” } 0x11 0x22 0x3 0x7472616.. Stack https://github.com/neo-project/neo-vm/blob/master/src/neo-vm/OpCode.cs Script example for a standard entrypoint: Main(string operation, params object[] args) NEO Script
  • 14. #SwitchtoSwitcheo Verification of Smart Contracts Verify([mempool]) VerifyScripts(IVerifiable) GetScriptHashesForVerifying() https://github.com/neo-project/neo/blob/ 23bbe9b/neo/Core/Transaction.cs#L330 https://github.com/neo-project/neo/blob/ 23bbe9b/neo/Core/Helper.cs#L46 https://github.com/neo-project/neo/blob/ 23bbe9b/neo/Core/Transaction.cs#L227 Check Double Spend, etc.. Get hashes that must match Verification Scripts (found in “scripts”) Get hashes of inputs Add data (hash) in transaction attribute 0x20 (usage “Script” a.k.a. “Additional Witness”)
 
 This is useful if you want to ensure Verification runs on a deployed contract, but are not using inputs from a smart contract Hashes each VerificationScript and compares hashes in order. Fails if any missing or does not match. Executes Invocation Script + Verification Script. Fails if hash mismatch, or does not return true Pass!
  • 15. #SwitchtoSwitcheo Verification of Smart Contracts https://github.com/neo-project/neo/blob/23bbe9b/neo/Core/Helper.cs#L61 How to run custom verification on deployed contracts? Write custom verification logic in Trigger User can leave VerificationScript empty if deployed 
 contract needs to be a witness
  • 16. #SwitchtoSwitcheo Dangers of Sending from Custom Smart Contracts Jack’s Available Balance: 5 NEO Jack’s Transaction A 5 NEO To Jack *State cannot be changed during verification 5 NEO To Jack Jack’s Transaction B 5 NEO To Jack Jack’s Transaction C 5 NEO To Jack Jack’s Transaction D > Change 
 Jack’s Balance 0 - 5 = ??? > Change 
 Jack’s Balance 5 - 5 = 0 NEO VERIFICATION APPLICATION
  • 17. #SwitchtoSwitcheo VERIFICATION APPLICATION *State cannot be changed during verification 5 NEO Jack’s Transaction A 5 NEO Jack’s Transaction B 5 NEO Jack’s Transaction C 5 NEO Jack’s Transaction D Jack’s Available Balance: 5 NEO > Not enough balance, do nothing > Check & Change Jack’s Balance 0 NEO < 5 NEO > Reserve Output to Jack > Check & Change 
 Jack’s Balance 5 - 5 = 0 NEO Dangers of Sending from Custom Smart Contracts
  • 18. Jack’s Transaction A > Cleanup 2 VERIFICATION APPLICATION #SwitchtoSwitcheo Jack’s Transaction A 1 5 NEO 5 NEO To Jack > Reserve Output to Jack > Check & Change 
 Jack’s Balance 5 - 5 = 0 NEO VERIFICATION APPLICATION Dangers of Sending from Custom Smart Contracts
  • 19. #SwitchtoSwitcheo Examples for Sending from Custom Smart Contracts Some example implementations and references: Switcheo Exchange (live): https://github.com/ConjurTech/switcheo/blob/v2/switcheo/BrokerContract.cs NeoResearch (prototype): https://github.com/NeoResearch/nep-distributed-payments/blob/master/workingPrototype.cs Neon Exchange (whitepaper): https://neonexchange.org/pdfs/whitepaper_v1.pdf
  • 20. #SwitchtoSwitcheo Dangers Of Using Verification Trigger Witness can be used in other contracts! Withdrawing NEO! Runtime.CheckWitness(MyContractScriptHash) will be true. So “transfer” from “My Contract” to ANYONE will also pass! My Contract RPX Token *My Contract has 1000 RPX tokens *Transaction’s script is an “AppCall" to “RPX Token" instead of “My Contract”! Withdrawal checks pass 
 so contract returns true VERIFICATION APPLICATION
  • 21. #SwitchtoSwitcheo Best Practices - Constrain Invocation Script *My Contract has 1000 RPX tokensVERIFICATION https://github.com/ConjurTech/switcheo/blob/v2/switcheo/BrokerContract.cs#L198
  • 22. Best Practices - Guard When Doing Dynamic Invoke My Contract ATK Token RPX Token 1000 RPX 100 ATK transfer transfer fr: SC to: A amt: 100 ATK fr: SC to: A amt: 1000 RPX Attacker withdraw fr: SC to: A amt: 100 ATK https://github.com/neo-project/proposals/pull/44/files#diff-e5a1452ea0de8fa24b9c328151e94affR90 NEP-5
  • 23. #SwitchtoSwitcheo Best Practices - Prefix All Storage Keys https://github.com/kentarohorie/simple-neo-token-sample/blob/1a38e50/yourcoin/nep5.py#L151 -> When t_spender is an empty byte array, approval_key is 
 the same format as balanceOf key! https://github.com/kentarohorie/simple-neo-token-sample/blob/1a38e50/yourcoin/nep5.py#L29 ->> Value of balance can be changed wrongly!
  • 24. #SwitchtoSwitcheo Best Practices - Prefix All Storage Keys https://github.com/ConjurTech/switcheo/blob/v2/switcheo/BrokerContract.cs Storage keys should be prefixed by unique, non-overlapping bytes 
 for different types of data
  • 25. #SwitchtoSwitcheo Best Practices - Validate All User Inputs Validate ALL inputs from users, and constrain them to the minimum set of formats • Length of both t_owner and t_spender should be constrained to 20 as 
 addresses are 20 bytes long • Reduce flows and set of inputs to test or check against • Acts as additional guard against accidental “key collision”
  • 26. #SwitchtoSwitcheo Best Practices - Protect Users Whenever Possible Don’t assume honest clients will always send in valid inputs! • Don’t let user lose assets or “burn” tokens accidentally through malformed script 
 or transaction • Never ignore receiving of system assets if possible, in case of accidental sends • Always handle received system assets by moving to an internal user balance and let users withdraw it later • When encountering invalid state or input during smart contract execution, revert whole script by throwing Exceptions, see link
  • 28. #SwitchtoSwitcheo V2 Launch - API Development Competition Switcheo is holding an API Development Contest for our upcoming V2 launch! Prizes include: 1,000,000 SWTH Tokens, 
 Customised Switcheo Ledger Nano S’s,
 and various Switcheo Merch! Follow us for more details!
  • 29. Thank You Switcheo.Network Contact@Switcheo.Network Come Talk To Us! https://t.me/switcheo @switcheonetwork