Prepared for: CityOfZion / CoZ open-source payment review
Project: FORGE, HushNetwork token launcher on Neo N3
Date: 2026-04-26
Scope: FORGE low-cost NEP-17 token creation work and NeonJS dependency/security maintenance
This report covers the FORGE work delivered for low-cost token creation on Neo N3 and the related open-source maintenance work submitted to NeonJS.
The FORGE work went through three architecture iterations:
- A lean NEP-17 token template.
- Local transfer economics and authority controls for lean tokens.
- A wallet-native ultra-lean facade backed by a shared engine.
The final architecture keeps normal wallet behavior while reducing repeated per-token smart contract logic. The measurements also show why Neo may benefit from a future token-id-aware MultiToken standard for launchpad-style fungible tokens.
FEAT-108 delivered the first lower-cost LEAN token creation profile for FORGE.
Delivered capabilities:
- A LEAN NEP-17 token creation path.
- Normal wallet-facing token behavior through standard NEP-17 methods.
- TokenOwner lifecycle behavior for lean tokens.
- Lower direct deployment cost compared with the full token template.
- Regression coverage for creation, ownership, lock/read-only behavior, and wallet-compatible token behavior.
Measured direct deployment saving:
- Full direct deployment: 13.41626620 GAS.
- LEAN direct deployment: 11.94003510 GAS.
- Saving: 1.47623110 GAS / 11.00%.
This work proved the basic lower-cost direction, but the architecture was later superseded by the FEAT-111 facade plus shared-engine model.
FEAT-109 completed the economics model for LEAN tokens.
Delivered capabilities:
- Transfer quotes for LEAN tokens.
- Platform fee calculation and application.
- Creator fee calculation, accrual, and claim flow.
- Burn-rate behavior.
- TokenOwner controls for token-local economics.
- READ-ONLY behavior for token-owner-controlled properties.
- Platform-owner control over platform fee policy.
- Isolation of token economics and authority.
Important authority result:
- TokenOwners can manage their own token properties.
- TokenOwners cannot mutate platform fee policy.
- READ-ONLY freezes TokenOwner-controlled fields but does not freeze platform-owned platform fee policy.
This work established the economics and authority behavior that informed the later shared-engine architecture.
FEAT-111 delivered the current FORGE LEAN architecture.
Delivered architecture:
- Full profile: deploys one dedicated full NEP-17 token contract per token.
- LEAN profile: deploys one small NEP-17 facade contract per token.
- Shared engine: stores token-scoped state and reusable logic for all LEAN facade tokens.
- Wallet identity: the facade contract hash remains the wallet-visible token hash.
- Internal identity: a token id scopes LEAN state inside the shared engine.
- Normal wallets can still use the standard NEP-17 facade without knowing about the shared engine.
Why this architecture was chosen:
- Existing wallets and generic indexers expect one NEP-17 asset per contract hash.
- A pure shared multi-token contract would be much cheaper.
- A pure shared multi-token contract is not normal NEP-17 wallet-compatible today because the existing standard does not include token id in `symbol`, `decimals`, `totalSupply`, `balanceOf`, `transfer`, or `Transfer` events.
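The authority results from FEAT-109 and the token-id scoping described for the shared engine can be modelled together. The following is an added plain-JavaScript illustration, not FORGE contract code: the class, method, and field names are hypothetical, `caller` stands in for the calling facade's contract hash, `signer` stands in for a verified witness, and burn rate is assumed to be a TokenOwner-controlled field.

```javascript
// Added illustration: a plain-JS model, not FORGE contract code. All names are hypothetical.
// `caller` stands in for the calling facade's contract hash, `signer` for a verified witness.
class SharedEngine {
  constructor(platformOwner) {
    this.platformOwner = platformOwner;
    this.platformFeeBps = 0;        // platform-owned policy
    this.tokens = new Map();        // tokenId -> token-scoped state
    this.facades = new Map();       // facade hash -> the one tokenId it may act for
  }
  registerToken(facadeHash, tokenId, owner) {
    if (this.tokens.has(tokenId) || this.facades.has(facadeHash)) throw new Error("already registered");
    this.tokens.set(tokenId, { owner, readOnly: false, burnRateBps: 0 });
    this.facades.set(facadeHash, tokenId);
  }
  scoped(caller, tokenId) {         // a facade can only reach its own token's state
    if (this.facades.get(caller) !== tokenId || !this.tokens.has(tokenId)) throw new Error("cross-token access rejected");
    return this.tokens.get(tokenId);
  }
  ownerScoped(caller, tokenId, signer) {
    const t = this.scoped(caller, tokenId);
    if (signer !== t.owner) throw new Error("not token owner");
    return t;
  }
  setBurnRate(caller, tokenId, signer, bps) {   // assumed TokenOwner-controlled field
    const t = this.ownerScoped(caller, tokenId, signer);
    if (t.readOnly) throw new Error("token is read-only");
    t.burnRateBps = bps;
  }
  lockReadOnly(caller, tokenId, signer) { this.ownerScoped(caller, tokenId, signer).readOnly = true; }
  setPlatformFee(signer, bps) {                 // not token-scoped, not affected by READ-ONLY
    if (signer !== this.platformOwner) throw new Error("not platform owner");
    this.platformFeeBps = bps;
  }
}
const attempt = (fn) => { try { fn(); return "ok"; } catch (e) { return e.message; } };
function demo() {                               // constructed sample identities and hashes
  const e = new SharedEngine("platform");
  e.registerToken("facadeA", 1, "alice");
  e.registerToken("facadeB", 2, "bob");
  return [
    attempt(() => e.setBurnRate("facadeA", 1, "alice", 100)),
    attempt(() => e.setBurnRate("facadeA", 2, "bob", 100)),
    attempt(() => e.setPlatformFee("alice", 50)),
    attempt(() => e.lockReadOnly("facadeA", 1, "alice")),
    attempt(() => e.setBurnRate("facadeA", 1, "alice", 200)),
    attempt(() => e.setPlatformFee("platform", 50)),
  ];
}
console.log(demo());
```

The second call is rejected even though it carries the correct owner for token 2, because the check binds the calling facade to its own token id before any owner check runs.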
Validation evidence:
- Full contract suite passed: 301 tests.
- Focused LEAN/factory regression passed: 29 tests.
- Neo Express LEAN creation/admin/transfer/cross-token rejection smoke passed.
- Full token creation smoke passed.
- Forge artifact verification passed.
- Forge lint, unit tests, and production build passed.
Current status:
- Technical evidence is complete.
- Final product acceptance remains gated on review of whether the measured 12.59% saving is enough to present LEAN as a product path.
| Path | Wallet/indexer compatible today? | Per-token cost | Difference vs full |
|---|---|---|---|
| Full NEP-17 token through TokenFactory | Yes | 13.95593220 GAS | Baseline |
| Ultra-lean facade + shared-engine registration | Yes | 12.19824780 GAS | Saves 1.75768440 GAS / 12.59% |
The wallet-compatible LEAN path is cheaper, but the saving is moderate.
| Setup item | Cost |
|---|---|
| Deploy shared engine | 13.69927040 GAS |
| Configure TokenFactory with shared engine | 0.04101230 GAS |
| Total one-time setup | 13.74028270 GAS |
If amortized only against the per-token saving, the setup breaks even after roughly 8 LEAN
tokens.
| Path | Wallet/indexer compatible today? | Per-token cost | Difference vs full |
|---|---|---|---|
| Full NEP-17 token through TokenFactory | Yes | 13.95593220 GAS | Baseline |
| Shared master/engine registration only | No | 0.43633510 GAS | Saves 13.51959710 GAS / 96.87% |
This is the major cost-saving path. It avoids per-token contract deployment almost entirely, but it needs a standard token-id-aware fungible-token interface before wallets and indexers can treat each logical token as a normal asset.
FORGE measurement and standardization comment:
neo-project/proposals#146 (comment)
Neo Multi Token Standard discussion:
FORGE uses NeonJS for Neo N3 integration. During FORGE development, several dependency and audit issues were found in NeonJS 5.x. The work was split into focused issues and PRs so maintainers can review one risk area at a time.
| PR | Summary |
|---|---|
| CityOfZion/neon-js#955 | Replace elliptic with @noble/curves while preserving NeonJS 5.x curve/signing behavior. |
| CityOfZion/neon-js#957 | Update direct production lodash dependency. |
| CityOfZion/neon-js#967 | Update API Extractor tooling. |
| CityOfZion/neon-js#968 | Update ESLint tooling. |
| CityOfZion/neon-js#969 | Update TSDoc lint tooling. |
| CityOfZion/neon-js#970 | Update Lerna/Nx tooling and related HTTP dependency paths. |
| CityOfZion/neon-js#971 | Update terser-webpack-plugin. |
| CityOfZion/neon-js#972 | Adjust jest-junit dependency. |
| CityOfZion/neon-js#973 | Update glob-matching transitive locks. |
| CityOfZion/neon-js#974 | Update parser/serialization transitive locks. |
| Issue | Summary |
|---|---|
| CityOfZion/neon-js#954 | Replace or mitigate elliptic in NeonJS 5.x due to GHSA-848j-6mx2-7j84. |
| CityOfZion/neon-js#956 | Address production lodash audit finding. |
| CityOfZion/neon-js#958 | API Extractor / RushStack audit follow-up. |
| CityOfZion/neon-js#959 | ESLint / @eslint/plugin-kit audit follow-up. |
| CityOfZion/neon-js#960 | TSDoc / AJV tooling audit follow-up. |
| CityOfZion/neon-js#961 | Lerna / Nx audit follow-up. |
| CityOfZion/neon-js#962 | jest-junit / uuid audit follow-up. |
| CityOfZion/neon-js#963 | terser-webpack-plugin / serialize-javascript audit follow-up. |
| CityOfZion/neon-js#964 | axios / follow-redirects transitive HTTP dependency audit follow-up. |
| CityOfZion/neon-js#965 | Glob-matching dependency audit follow-up. |
| CityOfZion/neon-js#966 | Parser/serialization dependency audit follow-up. |
| CityOfZion/neon-js#975 | Final AJV lockfile recompute after tooling updates. |
Filtered PR list:
https://github.com/CityOfZion/neon-js/pulls?q=is%3Apr+author%3Aaboimpinto
This Proof of Working contributed to the Neo ecosystem in two ways:
- FORGE produced concrete architecture and GAS measurements for low-cost token creation on Neo N3.
  - The measurements provide practical input for a possible MultiToken standard.
- NeonJS received focused upstream issues and PRs for production crypto dependency risk and audit surface reduction.
  - The `elliptic` replacement work is especially important because it touches wallet signing behavior and avoids recommending an unsafe NeonJS major-version downgrade for current v5 users.