Neo has released Neo-CLI v3.5. One of the most notable improvements in this version is the ability to load dynamic scripts at contract runtime. This opens new doors for contract developers by enabling new use cases where users can provide logic to be executed.
Dynamic script loading
The concept for the feature came from Neo core developer Erik Zhang. Functionally, it is essentially an evaluate (or “eval”) function, found in many programming languages, which takes a string input as an expression to be executed and returns the result.
Following the update, contracts will be able to take NeoVM scripts as inputs from users and call the code as required at runtime. Zhang proposed this ability to enable an advanced permission management use case, where users could delegate permissions to a dynamic entity by providing a script to calculate that entity based on the current chain state.
After a prolonged discussion with other core developers regarding security concerns, it was decided that undesired side effects could be negated by enforcement of the read-only permission flag. In other words, a contract can run a read-only script to calculate some result, but the script cannot perform any storage writes (e.g., perform a token transfer). This, along with various other ApplicationEngine changes, work to minimize the risks usually associated with arbitrary script execution.
Developer experience improvements
Several of the changes in the update center on developer convenience. One example is the addition of two methods to the ContractManagement native contract. The first allows contract information to be retrieved by ID, and the second returns all script hashes of deployed (i.e., non-native) contracts.
These methods make it more straightforward for developers to interact with contract data on-chain, and may simplify test deployments for networks that include a common set of non-native contracts, such as the NeoFS sidechain.
Other advancements include:
- The addition of the PUSHT and PUSHF opcodes in NeoVM for pushing boolean values onto the evaluation stack
- An update that allows the RpcServer to process RPC requests without parameters where appropriate
- Movement of the SQLite wallet code out of the core and into its own plugin in the Neo Modules repository
A few notable bug fixes were also merged in the update. The RpcClient was updated to properly parse witness scope rules, and a max block system fee check was introduced in the dBFT plugin to negate a selective DoS attack on transactions. Finally, another change to consensus code was made to prevent timer extensions when a commit originated from a different view. This avoids a delay that could be caused by a node being late to trigger a view change.
At the time of press, no formal announcement has been made, however Neo-CLI v3.5 is being rolled out onto the official Neo TestNet. A MainNet update is expected to follow in approximately two weeks, pending the usual stability assessment.
Due to the VM and native contract changes, node operators will be required to resynchronize their nodes on update to the new version.
The new version may be downloaded at the following link: