Gonçalo Valério

Category: Blockchain

New Nostr and Lightning Addresses
Bitcoin Atlantis is just around the corner. This conference, happening here in Madeira, is something unusual for us locals. The common pattern is that we have to fly to attend such conferences.

I plan to attend the event, and I will be there with an open mindset, since there are always new things to learn. I’m particularly interested in the new technologies and advancements powering the existing ecosystem.

So this post is an early preparation for the conference. I noticed that the community is gathering increasingly around a protocol called Nostr. I also noticed that a great deal of new cool applications are being built on top of the Lightning Network.

To blend in, to actively participate and to make the most of my time there, I just set up my Nostr presence with a lightning address pointing to one lightning network wallet.

This setup allows me to interact with others using a Twitter/X like interface. Instead of likes and favorites, people can express their support by sending small bitcoin tips (zaps) directly to the authors by clicking/tapping a button.

Before describing what I did, I will do a rapid introduction to Nostr and also the Lightning Network, to contextualize the reader.

Lightning network

Built on top of the Bitcoin blockchain, the lightning network allows users to send and receive transactions rapidly (couple of seconds) and with minimal fees (less than a cent). These records are kept off-chain and are only settled later when the users decide to make the outcome permanent.

It works very well and led to the development of many websites, apps, and services with use cases that weren’t previously possible or viable. One example is quickly paying a few cents to read an article or paying to watch a stream by the second without any sort of credit.

One of the shortcomings is that for every payment to happen, the receiving party needs to generate and share an invoice first. For certain scenarios, this flow is not ideal.

Recently, a new protocol called LNURL was developed to allow users to send transactions without the need of having a pre-generated invoice first. The only thing that is needed is this “URL”, which can work like a traditional address.

On top of this new protocol, users can create Lightning Addresses, which looks and works just like an e-mail address. So, you can send some BTC to joe@example.com, which is much friendlier than standard bitcoin addresses.

Nostr

Twitter is centralized, Mastodon is not, but it is federated, which means you still need an account on a given server. Nostr, on the other hand, is an entirely different approach to the social media landscape.

Just like Bitcoin, users generate a pair of keys, one is the identifier and the other allows the user to prove is identity.

Instead of having an account where the user stores and publishes his messages, on Nostr the user creates a message, signs and publishes it to one or more servers (called relay).

Readers can then look for messages of a given identifier, on one or more servers.

One of the characteristics of this approach is that it is censorship resistant, and the individual is not at the mercy of the owner of a given service.

The relationship between Nostr and the Bitcoin’s lightning network, that I described above, is that the Bitcoin community was one of the first to adopt Nostr. Furthermore, many Nostr apps already integrated support for tipping using the lightning network, more specifically using lightning addresses.

My new contacts

With that long introduction done, this post serves as an announcement that I will start sharing my content on Nostr as well.

For now, I will just share the same things that I already do on Mastodon/Fediverse. But as we get closer to the conference, I plan to join a few discussions about Bitcoin and share more material about that specific subject.

You can follow me using:

npub1c86s34sfthe0yx4dp2sevkz2njm5lqz0arscrkhjqhkdexn5kuqqtlvmv9
View on Primal

To send and receive some tips/zaps, I had to set a lightning address. Unfortunately, setting up one from scratch in a self-custodial way still requires some effort.

The app that I currently use can provide one, but they take custody of the funds (which in my humble opinion goes a bit against the whole point). This address uses their domain, something like: raremouse1@primal.net. It doesn’t look so good, especially if I want to switch providers in the future or have self-custody of my wallet.

Looking at the Lightning Address specification, I noticed that it is possible to create some kind of “alias”, that allows us to easily switch later.

To test, I just quickly wrote a Cloudflare worker that essentially looks like the following:
```
const url = 'https://primal.net/.well-known/lnurlp/raremouse1'

export default {
  async fetch(request, env, ctx) {
    async function MethodNotAllowed(request) {
      return new Response(
        `Method ${request.method} not allowed.`,
        {
          status: 405,
          headers: {
            Allow: "GET",
          },
        });
    }
    // Only GET requests work with this proxy.
    if (request.method !== "GET")
      return MethodNotAllowed(request);

    let response = await fetch(url);
    let content = await response.json();

    content.metadata = content.metadata.replace(
      "raremouse1@primal.net",
      "gon@ovalerio.net"
    );

    return new Response(
      JSON.stringify(content),
      response
    )
  },
};
```
Then I just had to let it handle the https://ovalerio.net/.well-known/lnurlp/gon route.

The wallet is still the one provided by Primal. However, I can now share with everyone that my lightning address is the same as my email: gon at ovalerio dot net. When I move to my infrastructure, the address will remain the same.

And this is it, feel free to use the above script to set your lightning address and to follow me on Nostr. If any of this is useful to you, you can buy me a beer by sending a few sats to my new lightning address.
February 19, 2024
Experiment: ChainSentinel.co

The amount and maturity of the tools available to help developers in process of building new applications and products is often crucial to the success of any given technology, platform or ecosystem.

Nowadays in this blockchain trend we are witnessing, the front runner and most mature contender is Ethereum, for sure. The quality and quantity of the tools and content (documentation, tutorials, etc) available to developers in order to build on top of it, is miles away from the competition.

Recently I’ve been working and experimenting with NEO blockchain (as you can see on some of my previous posts), a team that I took part even won an award of merit in their most recent dApp competition (Github repository). During that period we felt the pain of the lack of maturity and documentation that affected this new “ecosystem”.

Things got better, but there are a few things still missing, such as tools that help you integrate your applications and services with the blockchain, tools to make the developer’s life easier and tools to make their dApps more useful, such as the equivalent to Ethereum’s web3.js and Metamaskextension for example.

Even though you can achieve a lot with NEO’s JSON RPC API and through running your own node, I still think things should be easier. So at the last Whitesmith hackathon we’ve tried to address a subset of these pains.

We’ve put together, on that limited timeframe, a simple and rough service that delivers blockchain events as traditional Webhooks (websockets are planned) to make it easier for everybody to interact in real-time with any smart-contract.

We are looking for feedback to understand if it is something more developers also need and in that case work towards improving the service. Feel free to take a look at:

https://chainsentinel.co

July 30, 2018
Finding blockchain challenges to learn and practice

With “Blockchain” technologies gaining a certain momentum in the last few years, we have witnessed a spread of different implementations with many variations in several aspects, even tough they are built over the same principals.

This field is not easy to get started with and after taking the time to learn one approach, lets say “smart contract development in ethereum”, there might be less motivation to explore other technologies and networks.

An approach that is being used by the proponents of these networks, is to organize challenges and competitions to try to call the attention of other developers. With these competitions you can learn, explore, solve certain problems and in the end even win some reward (in the form of cryptocurrency/tokens). Most of these challenges happen online and you don’t even have to leave the comfort of your home.

For those interested, the most difficult part is finding the currently open challenges and competitions, so last week I put together a bare-bones page (plus RSS feed and calendar) aggregating the challenges that I find on the web.

You can access the page in the following URL: ~~https://blockchain-challenges.ovalerio.net~~

I will try to keep it updated. In case you find it useful and discover any unlisted challenge, please submit it there, so it can be added to the list.

Note 22/04/2020: Given the website was no longer updated or maintained, I took it of the air.

June 1, 2018
Creating a NEP5 Token on NEO network
In this post I will try to introduce a way of creating a digital token, that doesn’t rely on the Ethereum network, neither on their ERC20 standard.

Other than Ethereum there are several other blockchain implementations that ofter the possibility of running smart-contracts and therefore allowing the creation of new digital tokens.

The option that I will address today is NEO, through its NEP5 standard. I will not elaborate on the advantages and disadvantages between the 2 approaches, given that it will depend on many factors and your current situation (perhaps a future post, but there are many other publications that already did that exercise).

A key difference for tokens based on NEO is that you have multiple choices regarding how do you write your smart-contract, instead of relying just on `Solidity`. If this is better or worse, that’s another discussion as well.

For today’s post I will write everything in python, and use neo-python to compile the smart-contract and run the network node that will be used to deploy it on the blockchain.

Brief Introduction to NEO

Shortly, NEO is a blockchain project that has been around for a while, that intends build a smart economy over a distributed network. In other words and in practice, it is a platform with many similarities to Ethereum, with some key differences on some philosophical aspects and technical decisions.

It was founded in China during the year of 2014 and has been gaining momentum recently, outside of their home country there are many people working on this platform, perhaps the most well known is an international community called City of Zion (CoZ)that develops open source tools and organizes all kinds of events and initiatives to support this project.

As you will see in a later stage of this post, we will use one of CoZ’s tools to connect to the network and to manage “our” smart-contracts.

The NEP5 Standard

As it happens with Ethereum, NEO allows you to run smart contracts, therefore you can create your own tokens over this network/platform and for example run an “Initial Coin Offering” (ICO).

The ecosystem benefits if all these tokens do have a common interface, so like the ERC20 (now EIP20) there is the NEP5 standard (the document can be found here). Complying with this common interface is highly advisable, since it will make the management of the token using most wallets easier for your users.

As a small overview, so you can be aware of the simplicity of the proposed interface, your smart-contract should implement at least the following methods: totalSupply, name, symbol, decimals, balanceOfand transfer.

Of course there are many other things that are required to make your smart-contract and respective token usable, such as initialization procedures and configuration of certain parameters like the total amount of tokens, how many decimals it has, which wallet should be the owner, etc. In this post we will stick with the basics.

The smart-contract

As it was said before, I will use python throughout the remaining of this post. Since the examples present in the proposal document are in C#, I will base the rest of the article on “NEO ICO Template” provided by the Neon Exchange, which is implemented in python, complies with NEP5 and has all the remaining utilities implemented.

A detailed post about how to use this template already exists and can be found here. Some sections of that article are already a bit out-dated, but it remains very informative nevertheless. To avoid duplicating content, I will provide a lighter version and show how we can make use of the built-in neo-python features instead of calling the smart-contract methods directly, demonstrating how NEP5 standard can also make you users life easier.

The Node and deployment

So lets start!

Assuming you already have the neo-python installed (if you don’t, you can follow the instructions here), the first think you should do is to launch the `prompt` and open your wallet:
```
$ np-prompt -p
...
open wallet {{wallet_path}}
```
If you cloned the repository it will be something like:
```
$ python neo/bin/prompt -p 
...
open wallet {{wallet_path}}
```
Next we will download the example smart-contract code in another terminal window:
```
$ git clone git@github.com:neonexchange/neo-ico-template.git
```
Before we build the smart-contract, we will need to edit a few settings that will be exclusive for our token. On the {{path_to_smartcontract}}/nex/token.py file, lets edit a few parameters (there are several others you could change, but lets stick to the basics here):
```
# nex/token.py
TOKEN_NAME = 'Example ICO Token'
TOKEN_SYMBOL = 'EIT'
TOKEN_OWNER = b'{{your_wallet_script_hash}}'
```
To get the {{your_wallet_script_hash}} just type wallet on the terminal window running neo-python and you should see something like this [I 180506 20:50:38 UserWallet:538] Script hash b'SCRIPT HASH HERE' <class 'bytes'> printed on the terminal. Just copy it to your contract code and you’re done.

The other options include changing the amount of tokens, how many will be initially “minted” and added to the owner’s wallet, etc.

Now it is time to “compile” the smart-contract from python to the NEO’s virtual machine “format”. To do that, run the following command on the “prompt”:
```
build {{path_to_smart-contract}}/ico_template.py 0710 05 True False
```
The extra arguments are:
- 0710 – Parameter types ( 07 is string, 10is a array).
- 05 – Is the return type, in this case it means bytearray.
- True – It requires storage.
- False – It doesn’t use dynamic invocation.
Now an ico_template.avm should had been created, we will use this file to deploy our smart-contract to the blockchain. To do so, you will need `GAS` (400 of it, check here the values) and since this is just a test a better approach is to use the test network (or even a private network) in order to avoid wasting funds. To deploy the smart-contract you should run:
```
import contract {{path_to}}/ico_template.avm 0710 05 True False
```
and follow the interactive instructions. After this final step the smart-contract should be ready to use.

Using the newly created token

Now that everything is deployed and we are ready to start using our new token, the first thing that we need to do is to “run” the deploy instruction in order to setup the initial amount of tokens. To deploy we need to find get the hash of the imported contract and invoke it with the deploy parameter.
```
contract search {{query for your contract}}
# grab the "hash" value
testinvoke {{hash}} deploy []
```
Then we can add this token to our wallet and interact with it using a friendlier interface than having to invoke manually the methods of the contract like we did with the deploy action. We achieve this with the command: import token {{hash}}.

At this point you will be able to see your new token balance when you check your wallet, something similar to the following snippet:
```
    "synced_balances": [
        "[NEO]: 1000.0 ",
        "[NEOGas]: 25099.999 ",
        "[EIT]: 2499980 "
    ],
```
From now on, to send tokens to someone else, instead of doing something like this:
```
testinvoke 0xfd941304d9cf36f31cd141c7c7029d81b1efa4f3 transfer ["AUiPgh9684vjScBDJ5FFsYzBWyJjf6GQ6K","ASfh5fCf6jZ2RxKNoDfN6dN817B9kaNRgY", "10"]
```
you have this friendlier interface:
```
wallet tkn_send EIP AUiPgh9684vjScBDJ5FFsYzBWyJjf6GQ6K ASfh5fCf6jZ2RxKNoDfN6dN817B9kaNRgY 10
```
If you check the help command, you will see that you have a few helper methods to easily interact with your NEP5 token:
```
wallet tkn_send {token symbol} {address_from} {address to} {amount} 
wallet tkn_send_from {token symbol} {address_from} {address to} {amount}
wallet tkn_approve {token symbol} {address_from} {address to} {amount}
wallet tkn_allowance {token symbol} {address_from} {address to}
wallet tkn_mint {token symbol} {mint_to_addr} (--attach-neo={amount}, --attach-gas={amount})
wallet tkn_register {addr} ({addr}...) (--from-addr={addr})
```
And we just finished this small tutorial. To sum it up, I’ve made a small video going through the whole process:

Given the popularity of the “blockchain” movement nowadays, we are starting to have several alternative networks that are able to run smart-contracts, some of them more mature than the others, but many of them very capable.

Playing with several of the competing alternatives before jumping to the implementation phase of our solution is important, so we can understand which one will be a better fit for our particular situation.

If you have been following this field for the last few years, you know it is moving rapidly and many breakthroughs are still happening. Nevertheless at this moment we already have solid foundations for building decentralized applications on top of the blockchain, for this purpose NEO is positioning itself as solid solution to take into account.
May 8, 2018
Upgrade your “neo-python” wallets
Several weeks ago I started to explore the NEO ecosystem, for those who are not aware NEO is a blockchain project that just like Ethereum pretends to create the tools and the platform to execute smart-contracts and create new types of decentralized applications. It has its pros and cons just like any other system, but that is outside of the scope of this blog post.

One of the defining characteristics of this “cryptocurrency” is the ability develop those smart-contracts in programming languages the user already is familiar with (however only a small subset of the language is available).

So I searched for the available SDKs and found the neo-python project, which is a wallet software and also a set of tools to develop using the Python programming language. The project is developed by a community of supporters of the NEO ecosystem called City of Zion.

And now the real topic of the post begins, while learning the features and exploring the codebase I found an urgent security issue with the way the wallets were being encrypted by neo-python.

Long story short, the method used to protect the wallets wasn’t correctly implemented and allowed an attacker with access to the wallet file to decrypt it without the need for the password/pass-phrase (more details here) .

Fortunately it is an actively developed project and the team responsible for it was quick to acknowledge the problem and merge the fix I proposed in a pull request. The fix is now present in the newer versions of the project, and it now forces the users to reset the security features of their wallets (check this video for more details, starting on minute 8 up to 10) .

Now in this post I would like to leave my recommendation about how to proceed after re-encrypting the wallet, because even though the issue is fixed your private keys might have been compromised before you applied the patch. If you are a user and didn’t noticed nothing yet the most probable scenario is that you weren’t compromised, since most immediate thing an attacker could/would do is to steal your funds.

Nevertheless, there is always the possibility and to avoid any bad surprises you definitely should:
1. Properly encrypt your wallet using the reencrypt_wallet.py script.
2. Check the new generated wallet is working properly.
3. Then delete the old wallet.
4. Create a new wallet.
5. Transfer your funds to the new wallet.
The steps 4 and 5 are necessary because the fix protects your master key but it doesn’t change it and as I previously said if a copy of your vulnerable wallet exists (created by you or by an attacker) your funds are still accessible. So don’t forget to go through them.

Other than this, the project is very interesting and while still immature it has been fun the work with it, so I will keep contributing some improvements in the near future.
March 6, 2018
Getting started with Blockchain and related technologies

Crypto currencies have been at all rage in the last few months, with the price of Bitcoin and other Altcoins skyrocketing and achieving new all time heights.

This is very interesting and since there is the idea that the technology supporting all of these coins is revolutionary, some saying it can be used to solve many problems that we currently struggle with (or turn thing more transparent). I needed to take a look at how it works internally.

For anyone trying to understand and work with “Blockchain” and its new style of “consensus”, playing and just using the coins and wallets is not enough. All the things that happen in the background are complex and require the understand of several mathematical properties.

So where to start?

There are many books (and I’ve read a few of them), but some just approach the technology from an high level and from a user perspective. Others are good and complete, but very dense.

I took another approach to complete my understanding of the internals of the technology. I joined and recently completed the online course of “Bitcoin and Cryptocurrency Technologies” from Princeton University, available on the Coursera platform.

The content, even though the course dates from 2014/2015, is solid. It covers the basic concepts and the internals of bitcoin very well, foundational things that do not change that often. Content isn’t just thrown at you, they build up your knowledge on the matter.

The only issue, in my humble opinion, is the timing of the first graded assignment, which is given to you before the lessons on those concepts are explained (but you can watch those lessons and comeback to the assignment later). On the remaining assignments some context and better explanation of the terms on the code might help, but eventually you end up understanding what they mean. Otherwise the discussion forums will guide you in the right direction.

Overall, truly recommend this course (that is free at the moment) if you desire to get an initial and deeper knowledge of the system and not just the user perspective.

December 20, 2017