R3E Network has shipped a comprehensive overhaul of its Swift SDK for Neo, delivering four releases that introduce secure memory handling for private keys and bring Neo N3 v3.10.0 compatibility. The SDK, now published as neo-swift-sdk, reaches v4.0.1 as the latest stable release.

The rapid iteration from v3.0.0 through v4.0.1 reflects an architectural reset followed by incremental hardening: restructuring the package and client API, then tightening error handling, adding security features, and applying an automated patch. The SDK supports Swift 6 on iOS, macOS, tvOS, and watchOS.

Rename and restructure

The most visible change is the rename from NeoSwift to neo-swift-sdk, aligning with R3E Network’s branding pattern across its SDK portfolio, which includes NeoRust for Rust and neo-js for JavaScript. The module import changes to import NeoSwiftSDK.

The update introduces NeoClient, a typed operation facade modeled after the AWS SDK pattern, providing structured input and output types for node, blockchain, wallet, and relay operations. The existing low-level JSON-RPC interface continues as NeoRpcClient. Source compatibility with the previous API is not preserved. The release is a breaking change.

Security hardening

A significant portion of the overhaul focuses on key material safety. New SecureBytes and SecureECKeyPair types store private keys in secure memory, with temporary key material zeroized via defer blocks. The Account class now treats SecureECKeyPair as its authoritative key source, deprecating the legacy keyPair property. BIP-39 mnemonics are stored in secure memory as well, requiring an explicit exportMnemonic() call for recovery phrase access.

The HTTP transport layer now blocks plaintext connections to non-local endpoints by default, throwing an error for http:// URLs unless the developer explicitly opts in with allowInsecureConnections. Local addresses are exempted for development convenience. Non-2xx HTTP response bodies are redacted from error output to prevent RPC secret leakage.

Jimmy Liao, Neo core developer and R3E Network founder, highlighted the security focus:

“R3E’s rework also focused on key safety and reliability: SecureBytes and SecureECKeyPair; Explicit mnemonic and key export; Structured JSON-RPC errors; Plaintext RPC blocked outside trusted local networks; Swift 6.1 CI on macOS/Linux, warnings-as-errors and security scans”

Per-instance address version

NeoRpcClientConfiguration now carries an instance-level addressVersion property, allowing multiple client instances to connect to different Neo networks: MainNet, TestNet, or private networks with non-standard address prefixes, without mutating global state. Address conversion helpers across Hash160, stack-item decoding, and contract interactions honor the connected client’s configuration.

Neo N3 v3.10.0 compatibility

The SDK adds support for new wallet RPC methods introduced in Neo N3 v3.10.0, including signmsg, verifymsg, sign, and relay. DeferredRelay plugin operations are covered through getpendingvaliduntilrelay and getrawpendingtx. Invocation diagnostics decoding has been updated for the v3.10.0 diagnostics.traces tree, and the transaction builder now deduplicates Conflicts attributes to match updated validation behavior.

CI and code quality

The test suite runs 748 tests under Swift 6 with warnings treated as errors. CI now includes repository-wide secret scanning via Gitleaks and dependency vulnerability scanning through Google’s OSV Scanner.

Background

NeoSwift was originally developed by Ben Gray through the GrantShares funding program. After the original repository went quiet in late 2023, R3E Network took over maintenance in August 2025. The rename and v3 – v4 overhaul mark a production maturity milestone for the Swift SDK within R3E’s multi-language strategy.

The neo-swift-sdk repository and release notes can be found at the link below:
https://github.com/r3e-network/neo-swift-sdk