neonewstoday.com
R3E Network has published a new version of NeoRust, a substantial maintenance release focused on code quality, security, and developer experience.
First launched in 2021, NeoRust is a Rust SDK that helps developers build on Neo N3 using a high-level API with unified error handling. The project received GrantShares funding in 2023 and includes tooling for cryptography, wallet management (BIP-39/44 HD wallets, multi-sig, and hardware wallet support), and RPC-based node interaction. It also supports smart contract deployment and invocation, NEP-17 token operations, WebSocket-based event monitoring, transaction simulation for fee estimation, and network configuration for MainNet, TestNet, and custom networks.
Key improvements in v1.0.3
Released on Feb. 7, NeoRust v1.0.3 follows a 10-round code review and refactoring effort that addresses error handling patterns, memory security, performance optimizations, and platform-specific functionality. The release is compatible with Neo-CLI v3.9.1, ensuring developers can leverage the latest Neo blockchain features including the contract fee whitelist, Treasury native contract, and enhanced execution fee factor precision introduced in the January 2026 Neo v3.9 update.
Error handling improvements
Descriptive error messages: The release replaces over 40 .unwrap() calls with .expect() containing descriptive error messages, improving the developer experience when debugging issues. Rather than encountering generic panic messages, developers now receive contextual information about what went wrong and where.
Code cleanup: Dead code removal eliminated unused fields, imports, and commented code throughout the codebase, reducing maintenance burden and improving code readability for contributors and users examining the SDK source.
Performance optimizations
Memory allocation efficiency: Nine vector allocations have been optimized with Vec::with_capacity() pre-allocation, reducing unnecessary memory reallocations during runtime operations. The release also removes four unnecessary .clone() operations, eliminating redundant memory copies that could impact performance in high-throughput scenarios.
Bounds checking: Added debug_assert! statements for buffer bounds in hot-path decoder methods provide additional safety guarantees during development and testing without impacting release build performance.
Documentation enhancements
Complete module coverage: The release adds comprehensive documentation to previously undocumented modules, achieving 100% documentation coverage for serde_with_utils and contract_manifest modules. All serde serialization helpers now include usage examples.
Memory layout documentation: Detailed documentation for the StackItem enum explains variant sizes and boxing considerations, helping developers understand memory usage patterns when working with Neo virtual machine stack items.
Zero-copy access methods: New as_array_ref() and as_map_entries() methods on StackItem provide efficient zero-copy access to array and map data without unnecessary allocations.
Version consistency: Documentation version mismatches are fixed, updating references from v1.0.1 to v1.0.3 across lib.rs and neo_types/mod.rs in four locations, while preserving historical references where appropriate.
Security improvements
NeoRust v1.0.3 introduces multiple security enhancements focused on protecting sensitive cryptographic material in memory:
Memory zeroization: Zeroize and ZeroizeOnDrop traits were implemented for KeyPair to securely clear private key bytes from memory when the key pair is dropped. Custom Drop implementations for Account and NEP6Account now ensure encrypted private key strings are zeroized, preventing sensitive data from persisting in memory after use.
Input validation: Added input validation assertions are included to prevent buffer underflows in debug builds, catching potential security issues during development before they reach production.
Dependency security: jsonwebtoken was upgraded from version 9.2.0 to 10.3.0 with the rust_crypto feature, eliminating the process-level CryptoProvider requirement and modernizing the cryptographic implementation.
Platform-specific fixes
The release also addresses platform-specific issues affecting credential storage on macOS and Windows:
macOS keychain integration: neo-cli macOS keychain integration was fixed by by replacing nonexistent standalone function calls (passwords::set_generic_password, get_generic_password, delete_generic_password) with the correct SecKeychain method API from security-framework 2.11. This ensures Neo wallet credentials can be properly stored and retrieved using the native macOS Keychain.
Windows credential store: A borrow-after-move compiler error (E0382) was resolved in Windows credential storage by reordering operations in store_windows_credential, placing the borrow before the HashMap::insert move operation. This fix ensures Windows users can properly store wallet credentials in the native Windows Credential Manager.
Code quality improvements
DRY principle application: A neo_config_lock() helper function in config.rs was extracted to eliminate four identical lock-plus-poison-recovery blocks in api_trait.rs, improving code maintainability and reducing duplication.
Clippy suppressions documented: Inline justification comments were added to all #![allow(clippy::...)] suppressions in src/lib.rs, documenting why specific linter warnings are intentionally disabled and ensuring these decisions remain visible to future contributors.
API cleanup: A dead nns field from RpcClient has been removed and with unused macros cleaned up, streamlining the public API surface and reducing confusion about which features are actively supported.
Platform support and availability
NeoRust v1.0.3 provides pre-built binaries for multiple platforms:
- Linux:
neorust-linux-amd64.tar.gz - macOS:
neorust-macos-amd64.tar.gz - Windows:
neorust-windows-amd64.zip
These binaries enable developers to use NeoRust’s CLI tooling without requiring a full Rust development environment.
Shortly after the v1.0.3 release, the team published v1.0.4 to address CI configuration and security audit settings, ensuring all automated checks pass cleanly while properly documenting known dependency advisories without available upstream fixes.
Compatibility
NeoRust v1.0.3 is compatible with Neo v3.9.1 and later, ensuring developers can build applications that leverage the latest Neo N3 protocol features. Developers using NeoRust should update to this version to benefit from improved error handling, enhanced security for cryptographic operations, and platform-specific fixes for credential storage on macOS and Windows.
The latest version of NeoRust can be downloaded from the link below:
https://crates.io/crates/neo3