The amount and maturity of the tools available to help developers in process of building new applications and products is often crucial to the success of any given technology, platform or ecosystem.

Nowadays in this blockchain trend we are witnessing, the front runner and most mature contender is Ethereum, for sure. The quality and quantity of the tools and content (documentation, tutorials, etc) available to developers in order to build on top of it, is miles away from the competition.

Recently I’ve been working and experimenting with NEO blockchain (as you can see on some of my previous posts), a team that I took part even won an award of merit in their most recent dApp competition (Github repository). During that period we felt the pain of the lack of maturity and documentation that affected this new “ecosystem”.

Things got better, but there are a few things still missing, such as tools that help you integrate your applications and services with the blockchain, tools to make the developer’s life easier and tools to make their dApps more useful, such as the equivalent to Ethereum’s web3.js and Metamaskextension for example.

Even though you can achieve a lot with NEO’s JSON RPC API and through running your own node, I still think things should be easier. So at the last Whitesmith hackathon we’ve tried to address a subset of these pains.

We’ve put together, on that limited timeframe, a simple and rough service that delivers blockchain events as traditional Webhooks (websockets are planned) to make it easier for everybody to interact in real-time with any smart-contract.

We are looking for feedback to understand if it is something more developers also need and in that case work towards improving the service. Feel free to take a look at:


Finding blockchain challenges to learn and practice

With “Blockchain” technologies gaining a certain momentum in the last few years, we have witnessed a spread of different implementations with many variations in several aspects, even tough they are  built over the same principals.

This field is not easy to get started with and after taking the time to learn one approach, lets say “smart contract development in ethereum”, there might be less motivation to explore other technologies and networks.

An approach that is being used by the proponents of these networks, is to organize challenges and competitions to try to call the attention of other developers. With these competitions you can learn, explore, solve certain problems and in the end even win some reward (in the form of cryptocurrency/tokens). Most of these challenges happen online and you don’t even have to leave the comfort of your home.

For those interested, the most difficult part is finding the currently open challenges and competitions, so last week I put together a bare-bones page (plus RSS feed and calendar) aggregating the challenges that I find on the web.

You can access the page in the following URL:

I will try to keep it updated. In case you find it useful and discover any unlisted challenge, please submit it there, so it can be added to the list.

Note 22/04/2020: Given the website was no longer updated or maintained, I took it of the air.


Creating a NEP5 Token on NEO network

In this post I will try to introduce a way of creating a digital token, that doesn’t rely on the Ethereum network, neither on their ERC20 standard.

Other than Ethereum there are several other blockchain implementations that ofter the possibility of running smart-contracts and therefore allowing the creation of new digital tokens.

The option that I will address today is NEO, through its NEP5 standard. I will not elaborate on the advantages and disadvantages between the 2 approaches, given that it will depend on many factors and your current situation (perhaps a future post, but there are many other publications that already did that exercise).

A key difference for tokens based on NEO is that you have multiple choices regarding how do you write your smart-contract, instead of relying just on `Solidity`. If this is better or worse, that’s another discussion as well.

For today’s post I will write everything in python, and use neo-python to compile the smart-contract and run the network node that will be used to deploy it on the blockchain.

Brief Introduction to NEO

Shortly, NEO is a blockchain project that has been around for a while, that intends build a smart economy over a distributed network. In other words and in practice, it is a platform with many similarities to Ethereum, with some key differences on some philosophical aspects and technical decisions.

It was founded in China during the year of 2014 and has been gaining momentum recently, outside of their home country there are many people working on this platform, perhaps the most well known is an international community called City of Zion (CoZ)that develops open source tools and organizes all kinds of events and initiatives to support this project.

As you will see in a later stage of this post, we will use one of CoZ’s tools to connect to the network and to manage “our” smart-contracts.

The NEP5 Standard

As it happens with Ethereum, NEO allows you to run smart contracts, therefore you can create your own tokens over this network/platform and for example run an “Initial Coin Offering” (ICO).

The ecosystem benefits if all these tokens do have a common interface, so like the ERC20 (now EIP20) there is the NEP5 standard (the document can be found here). Complying with this common interface is highly advisable, since it will make the management of the token using most wallets easier for your users.

As a small overview, so you can be aware of the simplicity of the proposed interface, your smart-contract should implement at least the following methods: totalSupply, name, symbol, decimals, balanceOfand transfer.

Of course there are many other things that are required to make your smart-contract and respective token usable, such as initialization procedures and configuration of certain parameters like the total amount of tokens, how many decimals it has, which wallet should be the owner, etc. In this post we will stick with the basics.

The smart-contract

As it was said before, I will use python throughout the remaining of this post. Since the examples present in the proposal document are in C#, I will base the rest of the article on “NEO ICO Template” provided by the Neon Exchange, which is implemented in python, complies with NEP5 and has all the remaining utilities implemented.

A detailed post about how to use this template already exists and can be found here. Some sections of that article are already a bit out-dated, but it remains very informative nevertheless. To avoid duplicating content, I will provide a lighter version and show how we can make use of the built-in neo-python features instead of calling the smart-contract methods directly, demonstrating how NEP5 standard can also make you users life easier.

The Node and deployment

So lets start!

Assuming you already have the neo-python installed (if you don’t, you can follow the instructions here), the first think you should do is to launch the `prompt` and open your wallet:

$ np-prompt -p
open wallet {{wallet_path}}

If you cloned the repository it will be something like:

$ python neo/bin/prompt -p 
open wallet {{wallet_path}}

Next we will download the example smart-contract code in another terminal window:

$ git clone

Before we build the smart-contract, we will need to edit a few settings that will be exclusive for our token. On the {{path_to_smartcontract}}/nex/ file, lets edit a few parameters (there are several others you could change, but lets stick to the basics here):

# nex/
TOKEN_NAME = 'Example ICO Token'
TOKEN_OWNER = b'{{your_wallet_script_hash}}'

To get the {{your_wallet_script_hash}} just type wallet on the terminal window running neo-python and you should see something like this [I 180506 20:50:38 UserWallet:538] Script hash b'SCRIPT HASH HERE' <class 'bytes'> printed on the terminal. Just copy it to your contract code and you’re done.

The other options include changing the amount of tokens, how many will be initially “minted” and added to the owner’s wallet, etc.

Now it is time to “compile” the smart-contract from python to the NEO’s virtual machine “format”. To do that, run the following command on the “prompt”:

build {{path_to_smart-contract}}/ 0710 05 True False

The extra arguments are:

  • 0710 – Parameter types ( 07 is string, 10is a array).
  • 05 – Is the return type, in this case it means bytearray.
  • True – It requires storage.
  • False – It doesn’t use dynamic invocation.

Now an ico_template.avm should had been created, we will use this file to deploy our smart-contract to the blockchain. To do so, you will need `GAS` (400 of it, check here the values) and since this is just a test a better approach is to use the test network (or even a private network) in order to avoid wasting funds. To deploy the smart-contract you should run:

import contract {{path_to}}/ico_template.avm 0710 05 True False

and follow the interactive instructions. After this final step the smart-contract should be ready to use.

Using the newly created token

Now that everything is deployed and we are ready to start using our new token, the first thing that we need to do is to “run” the deploy instruction in order to setup the initial amount of tokens. To deploy we need to find get the hash of the imported contract and invoke it with the deploy parameter.

contract search {{query for your contract}}
# grab the "hash" value
testinvoke {{hash}} deploy []

Then we can add this token to our wallet and interact with it using a friendlier interface than having to invoke manually the methods of the contract like we did with the deploy action. We achieve this with the command: import token {{hash}}.

At this point you will be able to see your new token balance when you check your wallet, something similar to the following snippet:

    "synced_balances": [
        "[NEO]: 1000.0 ",
        "[NEOGas]: 25099.999 ",
        "[EIT]: 2499980 "

From now on, to send tokens to someone else, instead of doing something like this:

testinvoke 0xfd941304d9cf36f31cd141c7c7029d81b1efa4f3 transfer ["AUiPgh9684vjScBDJ5FFsYzBWyJjf6GQ6K","ASfh5fCf6jZ2RxKNoDfN6dN817B9kaNRgY", "10"]

you have this friendlier interface:

wallet tkn_send EIP AUiPgh9684vjScBDJ5FFsYzBWyJjf6GQ6K ASfh5fCf6jZ2RxKNoDfN6dN817B9kaNRgY 10

If you check the help command, you will see that you have a few helper methods to easily interact with your NEP5 token:

wallet tkn_send {token symbol} {address_from} {address to} {amount} 
wallet tkn_send_from {token symbol} {address_from} {address to} {amount}
wallet tkn_approve {token symbol} {address_from} {address to} {amount}
wallet tkn_allowance {token symbol} {address_from} {address to}
wallet tkn_mint {token symbol} {mint_to_addr} (--attach-neo={amount}, --attach-gas={amount})
wallet tkn_register {addr} ({addr}...) (--from-addr={addr})

And we just finished this small tutorial. To sum it up, I’ve made a small video going through the whole process:

Given the popularity of the “blockchain” movement nowadays, we are starting to have several alternative networks that are able to run smart-contracts, some of them more mature than the others, but many of them very capable.

Playing with several of the competing alternatives before jumping to the implementation phase of our solution is important, so we can understand which one will be a better fit for our particular situation.

If you have been following this field for the last few years, you know it is moving rapidly and many breakthroughs are still happening. Nevertheless at this moment we already have solid foundations for building decentralized applications on top of the blockchain, for this purpose NEO is positioning itself as solid solution to take into account.


Upgrade your “neo-python” wallets

Several weeks ago I started to explore the NEO ecosystem, for those who are not aware NEO is a blockchain project that just like Ethereum pretends to create the tools and the platform to execute smart-contracts and create new types of decentralized applications. It has its pros and cons just like any other system, but that is outside of the scope of this blog post.

One of the defining characteristics of this “cryptocurrency” is the ability develop those smart-contracts in programming languages the user already is familiar with (however only a small subset of the language is available).

So I searched for the available SDKs and found the neo-python project, which is a wallet software and also a set of tools to develop using the Python programming language. The project is developed by a community of supporters of the NEO ecosystem called City of Zion.

And now the real topic of the post begins, while learning the features and exploring the codebase I found an urgent security issue with the way the wallets were being encrypted by neo-python.

Long story short, the method used to protect the wallets wasn’t correctly implemented and allowed an attacker with access to the wallet file to decrypt it without the need for the password/pass-phrase (more details here) .

Fortunately it is an actively developed project and the team responsible for it was quick to acknowledge the problem and merge the fix I proposed in a pull request. The fix is now present in the newer versions of the project, and it now forces the users to reset the security features of their wallets (check this video for more details, starting on minute 8 up to 10) .

Now in this post I would like to leave my recommendation about how to proceed after re-encrypting the wallet, because even though the issue is fixed your private keys might have been compromised before you applied the patch. If you are a user and didn’t noticed nothing yet the most probable scenario is that you weren’t compromised, since most immediate thing an attacker could/would do is to steal your funds.

Nevertheless, there is always the possibility and to avoid any bad surprises you definitely should:

  1. Properly encrypt your wallet using the  script.
  2. Check the new generated wallet is working properly.
  3. Then delete the old wallet.
  4. Create a new wallet.
  5. Transfer your funds to the new wallet.

The steps 4 and 5 are necessary because the fix protects your master key but it doesn’t change it and as I previously said if a copy of your vulnerable wallet exists (created by you or by an attacker) your funds are still accessible. So don’t forget to go through them.

Other than this, the project is very interesting and while still immature it has been fun the work with it, so I will keep contributing some improvements in the near future.



Getting started with Blockchain and related technologies

Crypto currencies have been at all rage in the last few months, with the price of Bitcoin and other Altcoins skyrocketing and achieving new all time heights.

This is very interesting and since there is the idea that the technology supporting all of these coins is revolutionary, some saying it can be used to solve many problems that we currently struggle with (or turn thing more transparent). I needed to take a look at how it works internally.

For anyone trying to understand and work with “Blockchain” and its new style of “consensus”, playing and just using the coins and wallets is not enough. All the things that happen in the background are complex and require the understand of several mathematical properties.

So where to start?

There are many books (and I’ve read a few of them), but some just approach the technology from an high level and from a user perspective. Others are good and complete, but very dense.

I took another approach to complete my understanding of the internals of the technology. I joined and recently completed the online course of “Bitcoin and Cryptocurrency Technologies” from Princeton University, available on the Coursera platform.

The content, even though the course dates from 2014/2015, is solid. It covers the basic concepts and the internals of bitcoin very well, foundational things that do not change that often. Content isn’t just thrown at you, they build up your knowledge on the matter.

The only issue, in my humble opinion, is the timing of the first graded assignment, which is given to you before the lessons on those concepts are explained (but you can watch those lessons and comeback to the assignment later). On the remaining assignments some context and better explanation of the terms on the code might help, but eventually you end up understanding what they mean. Otherwise the discussion forums will guide you in the right direction.

Overall, truly recommend this course (that is free at the moment) if you desire to get an initial and deeper knowledge of the system and not just the user perspective.