Add runtime parse helpers for UInt types

Author: Jim8y

docs/security/access-control-patterns.md

@@ -36,7 +36,7 @@ using Neo.SmartContract.Framework.Services;
 public class OwnerOnlyContract : SmartContract
 {
     // Define contract owner at deployment time
-    private static readonly UInt160 OWNER = "NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB".ToScriptHash();
+    private static readonly UInt160 OWNER = UInt160.Parse("NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB");
 
     /// <summary>
     /// Modifier to ensure only owner can execute function
@@ -100,7 +100,7 @@ Control access through a maintained list of authorized addresses.
 [DisplayName("WhitelistContract")]
 public class WhitelistContract : SmartContract
 {
-    private static readonly UInt160 OWNER = "NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB".ToScriptHash();
+    private static readonly UInt160 OWNER = UInt160.Parse("NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB");
     private static readonly StorageMap Whitelist = new(Storage.CurrentContext, "whitelist");
 
     /// <summary>
@@ -178,7 +178,7 @@ public class RBACContract : SmartContract
     private static readonly StorageMap RolePermissions = new(Storage.CurrentContext, "role_permissions");
 
     // Contract owner
-    private static readonly UInt160 OWNER = "NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB".ToScriptHash();
+    private static readonly UInt160 OWNER = UInt160.Parse("NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB");
 
     /// <summary>
     /// Initialize contract with default roles and permissions
@@ -615,7 +615,7 @@ Implement access control based on time constraints and schedules.
 [ContractDescription("Time-based access control patterns")]
 public class TimeBasedAccessContract : SmartContract
 {
-    private static readonly UInt160 OWNER = "NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB".ToScriptHash();
+    private static readonly UInt160 OWNER = UInt160.Parse("NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB");
     private static readonly StorageMap TimeWindows = new(Storage.CurrentContext, "time_windows");
     private static readonly StorageMap UserAccess = new(Storage.CurrentContext, "user_access");
 
@@ -928,4 +928,4 @@ public class AccessControlTests : TestBase<RBACContract>
 }
 ```
 
-Access control is the foundation of smart contract security. Always implement multiple layers of protection, test thoroughly, and follow the principle of least privilege to maintain a secure contract ecosystem.
+Access control is the foundation of smart contract security. Always implement multiple layers of protection, test thoroughly, and follow the principle of least privilege to maintain a secure contract ecosystem.

docs/security/security-best-practices.md

@@ -61,7 +61,7 @@ public static bool ProcessUserData(UInt160 user, string data, BigInteger amount)
 [DisplayName("RoleBasedContract")]
 public class RoleBasedContract : SmartContract
 {
-    private static readonly UInt160 OWNER = "NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB".ToScriptHash();
+    private static readonly UInt160 OWNER = UInt160.Parse("NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB");
 
     // Role definitions
     private const string ADMIN_ROLE = "admin";
@@ -110,6 +110,9 @@ public class RoleBasedContract : SmartContract
 }
 ```
 
+> **Note**  
+> When a script hash originates from runtime data, convert the value with `UInt160.Parse` (or cast from a validated byte array) before you return it. This keeps return statements strongly typed and prevents the NC4032 ReturnValueTypeAnalyzer from flagging implicit string conversions.
+
 ### Multi-Signature Security
 
 ```csharp
@@ -524,4 +527,4 @@ public class SecurityTests : TestBase<MyContract>
 }
 ```
 
-This comprehensive security guide provides the foundation for developing secure Neo smart contracts. Remember that security is an ongoing process, and you should regularly review and update your security practices as the ecosystem evolves.
+This comprehensive security guide provides the foundation for developing secure Neo smart contracts. Remember that security is an ongoing process, and you should regularly review and update your security practices as the ecosystem evolves.

docs/security/security-testing.md

@@ -97,25 +97,28 @@ public class SecurityTestPlan : TestBase<YourContract>
 public class SecurityTestAccounts
 {
     // Standard test accounts
-    public static readonly UInt160 Owner = "NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB".ToScriptHash();
-    public static readonly UInt160 ValidUser = "NXpRXq8e9gRaH5vVAEUkHQeXNHLZsUfz1G".ToScriptHash();
-    public static readonly UInt160 Attacker = "NVqXCjKHHi9xetyDhpEP6KtqCq8fHaXprC".ToScriptHash();
-    public static readonly UInt160 UnauthorizedUser = "Nb2CHYY4wTqPQv7hPYnKr6CjN4fEeX2vks".ToScriptHash();
+    public static readonly UInt160 Owner = UInt160.Parse("NiNmXL8FjEUEs1nfX9uHFBNaenxDHJtmuB");
+    public static readonly UInt160 ValidUser = UInt160.Parse("NXpRXq8e9gRaH5vVAEUkHQeXNHLZsUfz1G");
+    public static readonly UInt160 Attacker = UInt160.Parse("NVqXCjKHHi9xetyDhpEP6KtqCq8fHaXprC");
+    public static readonly UInt160 UnauthorizedUser = UInt160.Parse("Nb2CHYY4wTqPQv7hPYnKr6CjN4fEeX2vks");
 
     // Multi-sig test accounts
     public static readonly UInt160[] MultiSigSigners = new[]
     {
-        "NZNovmGqaNZF6P4qFUCcHzPE6GFU1F8ueT".ToScriptHash(),
-        "NeJSJ4YsH89g9XrEqwWM4yVMm8jYM4jHG9".ToScriptHash(),
-        "NbMKdHpJJ5T6K7gLhW2V8R9Q3wX5M8nTpN".ToScriptHash()
+        UInt160.Parse("NZNovmGqaNZF6P4qFUCcHzPE6GFU1F8ueT"),
+        UInt160.Parse("NeJSJ4YsH89g9XrEqwWM4yVMm8jYM4jHG9"),
+        UInt160.Parse("NbMKdHpJJ5T6K7gLhW2V8R9Q3wX5M8nTpN")
     };
 
     // Specialized test accounts
-    public static readonly UInt160 ContractCaller = "NYzKR3qP8BV5w2j8Q9VH6tXz5M7nXsY8Tp".ToScriptHash();
-    public static readonly UInt160 TokenHolder = "NQ5gR8pT9VX3j2m7W6hJ8kY5z4nP9qX7Bp".ToScriptHash();
+    public static readonly UInt160 ContractCaller = UInt160.Parse("NYzKR3qP8BV5w2j8Q9VH6tXz5M7nXsY8Tp");
+    public static readonly UInt160 TokenHolder = UInt160.Parse("NQ5gR8pT9VX3j2m7W6hJ8kY5z4nP9qX7Bp");
 }
 ```
 
+> **Note**  
+> The same `UInt160.Parse` helper is available inside contracts, so your tests can mimic the strongly typed returns enforced by analyzer NC4032.
+
 ## Unit Testing for Security
 
 ### Input Validation Testing
@@ -929,4 +932,4 @@ public class SecurityTestReport
 }
 ```
 
-Security testing is an ongoing process that should be integrated throughout the development lifecycle. Regular testing, automated scans, and comprehensive reporting ensure that your Neo smart contracts maintain high security standards and protect user assets effectively.
+Security testing is an ongoing process that should be integrated throughout the development lifecycle. Regular testing, automated scans, and comprehensive reporting ensure that your Neo smart contracts maintain high security standards and protect user assets effectively.

src/Neo.SmartContract.Analyzer/ReturnValueTypeAnalyzer.cs

@@ -24,7 +24,7 @@ public sealed class ReturnValueTypeAnalyzer : DiagnosticAnalyzer
     private static readonly DiagnosticDescriptor Rule = new(
         DiagnosticId,
         "Return type must match declaration",
-        "Return statements for '{0}' must return '{0}' values, but the expression has type '{1}'. Convert explicitly to '{0}'.",
+        "Return statements for '{0}' must return '{0}' values, but the expression has type '{1}'. Convert explicitly to '{0}' (e.g., cast or parse the runtime value).",
         "Usage",
         DiagnosticSeverity.Error,
         isEnabledByDefault: true,

src/Neo.SmartContract.Framework/ECPoint.cs

@@ -42,6 +42,17 @@ public extern bool IsValid
         [OpCode(OpCode.CONVERT, StackItemType.Buffer)]
         public static extern explicit operator byte[](ECPoint value);
 
+        [OpCode(OpCode.CONVERT, StackItemType.ByteString)]
+        [OpCode(OpCode.DUP)]
+        [OpCode(OpCode.ISNULL)]
+        [OpCode(OpCode.JMPIF, "09")]
+        [OpCode(OpCode.DUP)]
+        [OpCode(OpCode.SIZE)]
+        [OpCode(OpCode.PUSHINT8, "21")] // 0x21 == 33 bytes expected array size
+        [OpCode(OpCode.JMPEQ, "03")]
+        [OpCode(OpCode.THROW)]
+        public static extern ECPoint Parse(string value);
+
         /// <summary>
         /// Implicitly converts a hexadecimal string to a PublicKey object.
         /// Assumes the string is a valid hexadecimal representation.

src/Neo.SmartContract.Framework/UInt160.cs

@@ -56,6 +56,17 @@ public extern bool IsValid
         [OpCode(OpCode.CONVERT, StackItemType.Buffer)]
         public static extern explicit operator byte[](UInt160 value);
 
+        [OpCode(OpCode.CONVERT, StackItemType.ByteString)]
+        [OpCode(OpCode.DUP)]
+        [OpCode(OpCode.ISNULL)]
+        [OpCode(OpCode.JMPIF, "09")]
+        [OpCode(OpCode.DUP)]
+        [OpCode(OpCode.SIZE)]
+        [OpCode(OpCode.PUSHINT8, "14")] // 0x14 == 20 bytes expected array size
+        [OpCode(OpCode.JMPEQ, "03")]
+        [OpCode(OpCode.THROW)]
+        public static extern UInt160 Parse(string value);
+
         /// <summary>
         /// Converts the specified script hash to an address, using the current blockchain AddressVersion value.
         /// </summary>

src/Neo.SmartContract.Framework/UInt256.cs

@@ -54,6 +54,17 @@ public extern bool IsValid
         [OpCode(OpCode.CONVERT, StackItemType.Buffer)]
         public static extern explicit operator byte[](UInt256 value);
 
+        [OpCode(OpCode.CONVERT, StackItemType.ByteString)]
+        [OpCode(OpCode.DUP)]
+        [OpCode(OpCode.ISNULL)]
+        [OpCode(OpCode.JMPIF, "09")]
+        [OpCode(OpCode.DUP)]
+        [OpCode(OpCode.SIZE)]
+        [OpCode(OpCode.PUSHINT8, "20")] // 0x20 == 32 bytes expected array size
+        [OpCode(OpCode.JMPEQ, "03")]
+        [OpCode(OpCode.THROW)]
+        public static extern UInt256 Parse(string value);
+
         /// <summary>
         /// Implicitly converts a hexadecimal string to a UInt256 object.
         /// Assumes the string is a valid hexadecimal representation.

tests/Neo.SmartContract.Analyzer.UnitTests/ReturnValueTypeAnalyzerUnitTests.cs

@@ -27,14 +27,17 @@ public abstract class UInt160
     {
         public static extern implicit operator UInt160(string value);
         public static extern explicit operator UInt160(byte[] value);
+        public static UInt160 Parse(string value) => throw null!;
     }
     public abstract class UInt256
     {
         public static extern implicit operator UInt256(string value);
+        public static UInt256 Parse(string value) => throw null!;
     }
     public abstract class ECPoint
     {
         public static extern implicit operator ECPoint(string value);
+        public static ECPoint Parse(string value) => throw null!;
     }
 }
 """;
@@ -143,6 +146,42 @@ public static UInt160 Owner()
         await VerifyCS.VerifyAnalyzerAsync(code);
     }
 
+    [TestMethod]
+    public async Task UInt160Parse_AllowsReturn()
+    {
+        var code = WithFrameworkStub("""
+using Neo.SmartContract.Framework;
+
+class Contract : SmartContract
+{
+    public static UInt160 Owner(string input)
+    {
+        return UInt160.Parse(input);
+    }
+}
+""");
+
+        await VerifyCS.VerifyAnalyzerAsync(code);
+    }
+
+    [TestMethod]
+    public async Task UInt256Parse_AllowsReturn()
+    {
+        var code = WithFrameworkStub("""
+using Neo.SmartContract.Framework;
+
+class Contract : SmartContract
+{
+    public static UInt256 Hash(string input)
+    {
+        return UInt256.Parse(input);
+    }
+}
+""");
+
+        await VerifyCS.VerifyAnalyzerAsync(code);
+    }
+
     [TestMethod]
     public async Task ECPointReturnWithString_ReportsDiagnostic()
     {
@@ -181,6 +220,24 @@ public static UInt160 Owner()
         await VerifyCS.VerifyAnalyzerAsync(code);
     }
 
+    [TestMethod]
+    public async Task ECPointParse_AllowsReturn()
+    {
+        var code = WithFrameworkStub("""
+using Neo.SmartContract.Framework;
+
+class Contract : SmartContract
+{
+    public static ECPoint PubKey(string input)
+    {
+        return ECPoint.Parse(input);
+    }
+}
+""");
+
+        await VerifyCS.VerifyAnalyzerAsync(code);
+    }
+
     [TestMethod]
     public async Task NullReturn_DoesNotReportDiagnostic()
     {

tests/Neo.SmartContract.Framework.TestContracts/Contract_UInt.cs

@@ -29,5 +29,20 @@ public static string ToAddress(UInt160 value)
         {
             return value.ToAddress();
         }
+
+        public static byte[] ParseUInt160Bytes(byte[] value)
+        {
+            return (byte[])UInt160.Parse((string)(ByteString)value);
+        }
+
+        public static byte[] ParseUInt256Bytes(byte[] value)
+        {
+            return (byte[])UInt256.Parse((string)(ByteString)value);
+        }
+
+        public static byte[] ParseECPointBytes(byte[] value)
+        {
+            return (byte[])ECPoint.Parse((string)(ByteString)value);
+        }
     }
 }

tests/Neo.SmartContract.Framework.UnitTests/TestingArtifacts/Contract_UInt.cs

@@ -11,12 +11,12 @@ public abstract class Contract_UInt(Neo.SmartContract.Testing.SmartContractIniti
 {
     #region Compiled data
 
-    public static Neo.SmartContract.Manifest.ContractManifest Manifest => Neo.SmartContract.Manifest.ContractManifest.Parse(@"{""name"":""Contract_UInt"",""groups"":[],""features"":{},""supportedstandards"":[],""abi"":{""methods"":[{""name"":""isValidAndNotZeroUInt256"",""parameters"":[{""name"":""value"",""type"":""Hash256""}],""returntype"":""Boolean"",""offset"":0,""safe"":false},{""name"":""isValidAndNotZeroUInt160"",""parameters"":[{""name"":""value"",""type"":""Hash160""}],""returntype"":""Boolean"",""offset"":31,""safe"":false},{""name"":""isZeroUInt256"",""parameters"":[{""name"":""value"",""type"":""Hash256""}],""returntype"":""Boolean"",""offset"":62,""safe"":false},{""name"":""isZeroUInt160"",""parameters"":[{""name"":""value"",""type"":""Hash160""}],""returntype"":""Boolean"",""offset"":69,""safe"":false},{""name"":""toAddress"",""parameters"":[{""name"":""value"",""type"":""Hash160""}],""returntype"":""String"",""offset"":76,""safe"":false}],""events"":[]},""permissions"":[{""contract"":""0xacce6fd80d44e1796aa0c2c625e9e4e0ce39efc0"",""methods"":[""base58CheckEncode""]}],""trusts"":[],""extra"":{""Version"":""3.8.1"",""nef"":{""optimization"":""All""}}}");
+    public static Neo.SmartContract.Manifest.ContractManifest Manifest => Neo.SmartContract.Manifest.ContractManifest.Parse(@"{""name"":""Contract_UInt"",""groups"":[],""features"":{},""supportedstandards"":[],""abi"":{""methods"":[{""name"":""isValidAndNotZeroUInt256"",""parameters"":[{""name"":""value"",""type"":""Hash256""}],""returntype"":""Boolean"",""offset"":0,""safe"":false},{""name"":""isValidAndNotZeroUInt160"",""parameters"":[{""name"":""value"",""type"":""Hash160""}],""returntype"":""Boolean"",""offset"":31,""safe"":false},{""name"":""isZeroUInt256"",""parameters"":[{""name"":""value"",""type"":""Hash256""}],""returntype"":""Boolean"",""offset"":62,""safe"":false},{""name"":""isZeroUInt160"",""parameters"":[{""name"":""value"",""type"":""Hash160""}],""returntype"":""Boolean"",""offset"":69,""safe"":false},{""name"":""toAddress"",""parameters"":[{""name"":""value"",""type"":""Hash160""}],""returntype"":""String"",""offset"":76,""safe"":false},{""name"":""parseUInt160Bytes"",""parameters"":[{""name"":""value"",""type"":""ByteArray""}],""returntype"":""ByteArray"",""offset"":116,""safe"":false},{""name"":""parseUInt256Bytes"",""parameters"":[{""name"":""value"",""type"":""ByteArray""}],""returntype"":""ByteArray"",""offset"":138,""safe"":false},{""name"":""parseECPointBytes"",""parameters"":[{""name"":""value"",""type"":""ByteArray""}],""returntype"":""ByteArray"",""offset"":160,""safe"":false}],""events"":[]},""permissions"":[{""contract"":""0xacce6fd80d44e1796aa0c2c625e9e4e0ce39efc0"",""methods"":[""base58CheckEncode""]}],""trusts"":[],""extra"":{""Version"":""3.8.1"",""nef"":{""optimization"":""All""}}}");
 
     /// <summary>
     /// Optimization: "All"
     /// </summary>
-    public static Neo.SmartContract.NefFile Nef => Convert.FromBase64String(@"TkVGM1Rlc3RpbmdFbmdpbmUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHA7znO4OTpJcbCoGp54UQN2G/OrBFiYXNlNThDaGVja0VuY29kZQEAAQ8AAHRXAAF4NANAVwABeErZKCQGRQkiBsoAILMkBAlAeLFAVwABeDQDQFcAAXhK2SgkBkUJIgbKABSzJAQJQHixQFcAAXixqkBXAAF4sapAVwABeDQDQFcAAUFMSZLceDQDQFcBAhGIShB50HBoeItwaNsoNwAAQDJLNGU=").AsSerializable<Neo.SmartContract.NefFile>();
+    public static Neo.SmartContract.NefFile Nef => Convert.FromBase64String(@"TkVGM1Rlc3RpbmdFbmdpbmUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHA7znO4OTpJcbCoGp54UQN2G/OrBFiYXNlNThDaGVja0VuY29kZQEAAQ8AALZXAAF4NANAVwABeErZKCQGRQkiBsoAILMkBAlAeLFAVwABeDQDQFcAAXhK2SgkBkUJIgbKABSzJAQJQHixQFcAAXixqkBXAAF4sapAVwABeDQDQFcAAUFMSZLceDQDQFcBAhGIShB50HBoeItwaNsoNwAAQFcAAXjbKNsoStgkCUrKABQoAzrbMEBXAAF42yjbKErYJAlKygAgKAM62zBAVwABeNso2yhK2CQJSsoAISgDOtswQEeUpiI=").AsSerializable<Neo.SmartContract.NefFile>();
 
     #endregion
 
@@ -76,6 +76,75 @@ public abstract class Contract_UInt(Neo.SmartContract.Testing.SmartContractIniti
     [DisplayName("isZeroUInt256")]
     public abstract bool? IsZeroUInt256(UInt256? value);
 
+    /// <summary>
+    /// Unsafe method
+    /// </summary>
+    /// <remarks>
+    /// Script: VwABeNso2yhK2CQJSsoAISgDOtswQA==
+    /// INITSLOT 0001 [64 datoshi]
+    /// LDARG0 [2 datoshi]
+    /// CONVERT 28 'ByteString' [8192 datoshi]
+    /// CONVERT 28 'ByteString' [8192 datoshi]
+    /// DUP [2 datoshi]
+    /// ISNULL [2 datoshi]
+    /// JMPIF 09 [2 datoshi]
+    /// DUP [2 datoshi]
+    /// SIZE [4 datoshi]
+    /// PUSHINT8 21 [1 datoshi]
+    /// JMPEQ 03 [2 datoshi]
+    /// THROW [512 datoshi]
+    /// CONVERT 30 'Buffer' [8192 datoshi]
+    /// RET [0 datoshi]
+    /// </remarks>
+    [DisplayName("parseECPointBytes")]
+    public abstract byte[]? ParseECPointBytes(byte[]? value);
+
+    /// <summary>
+    /// Unsafe method
+    /// </summary>
+    /// <remarks>
+    /// Script: VwABeNso2yhK2CQJSsoAFCgDOtswQA==
+    /// INITSLOT 0001 [64 datoshi]
+    /// LDARG0 [2 datoshi]
+    /// CONVERT 28 'ByteString' [8192 datoshi]
+    /// CONVERT 28 'ByteString' [8192 datoshi]
+    /// DUP [2 datoshi]
+    /// ISNULL [2 datoshi]
+    /// JMPIF 09 [2 datoshi]
+    /// DUP [2 datoshi]
+    /// SIZE [4 datoshi]
+    /// PUSHINT8 14 [1 datoshi]
+    /// JMPEQ 03 [2 datoshi]
+    /// THROW [512 datoshi]
+    /// CONVERT 30 'Buffer' [8192 datoshi]
+    /// RET [0 datoshi]
+    /// </remarks>
+    [DisplayName("parseUInt160Bytes")]
+    public abstract byte[]? ParseUInt160Bytes(byte[]? value);
+
+    /// <summary>
+    /// Unsafe method
+    /// </summary>
+    /// <remarks>
+    /// Script: VwABeNso2yhK2CQJSsoAICgDOtswQA==
+    /// INITSLOT 0001 [64 datoshi]
+    /// LDARG0 [2 datoshi]
+    /// CONVERT 28 'ByteString' [8192 datoshi]
+    /// CONVERT 28 'ByteString' [8192 datoshi]
+    /// DUP [2 datoshi]
+    /// ISNULL [2 datoshi]
+    /// JMPIF 09 [2 datoshi]
+    /// DUP [2 datoshi]
+    /// SIZE [4 datoshi]
+    /// PUSHINT8 20 [1 datoshi]
+    /// JMPEQ 03 [2 datoshi]
+    /// THROW [512 datoshi]
+    /// CONVERT 30 'Buffer' [8192 datoshi]
+    /// RET [0 datoshi]
+    /// </remarks>
+    [DisplayName("parseUInt256Bytes")]
+    public abstract byte[]? ParseUInt256Bytes(byte[]? value);
+
     /// <summary>
     /// Unsafe method
     /// </summary>