From f1ab4d10ee92d209b270710add73ca8e96c86c2a Mon Sep 17 00:00:00 2001
From: Shargon <shargon@gmail.com>
Date: Wed, 26 Jun 2019 08:08:56 +0200
Subject: [PATCH 1/4] Clean memory

---
 neo/Cryptography/Helper.cs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/neo/Cryptography/Helper.cs b/neo/Cryptography/Helper.cs
index 48410049f1..ff1bb8d3d7 100644
--- a/neo/Cryptography/Helper.cs
+++ b/neo/Cryptography/Helper.cs
@@ -79,7 +79,9 @@ public static byte[] Base58CheckDecode(this string input)
             byte[] checksum = buffer.Sha256(0, buffer.Length - 4).Sha256();
             if (!buffer.Skip(buffer.Length - 4).SequenceEqual(checksum.Take(4)))
                 throw new FormatException();
-            return buffer.Take(buffer.Length - 4).ToArray();
+            var ret = buffer.Take(buffer.Length - 4).ToArray();
+            Array.Clear(buffer, 0, buffer.Length);
+            return ret;
         }
 
         public static string Base58CheckEncode(this byte[] data)
@@ -88,7 +90,9 @@ public static string Base58CheckEncode(this byte[] data)
             byte[] buffer = new byte[data.Length + 4];
             Buffer.BlockCopy(data, 0, buffer, 0, data.Length);
             Buffer.BlockCopy(checksum, 0, buffer, data.Length, 4);
-            return Base58.Encode(buffer);
+            var ret = Base58.Encode(buffer);
+            Array.Clear(buffer, 0, buffer.Length);
+            return ret;
         }
 
         public static byte[] RIPEMD160(this IEnumerable<byte> value)

From b60c10c624000a55d35b8795ebd73736cbef7f9f Mon Sep 17 00:00:00 2001
From: Shargon <shargon@gmail.com>
Date: Wed, 26 Jun 2019 08:12:21 +0200
Subject: [PATCH 2/4] Other

---
 neo/Cryptography/Base58.cs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/neo/Cryptography/Base58.cs b/neo/Cryptography/Base58.cs
index bb5dd42df9..fd5bf4d432 100644
--- a/neo/Cryptography/Base58.cs
+++ b/neo/Cryptography/Base58.cs
@@ -29,6 +29,7 @@ public static byte[] Decode(string input)
             }
             byte[] tmp = new byte[bytes.Length - (stripSignByte ? 1 : 0) + leadingZeros];
             Array.Copy(bytes, stripSignByte ? 1 : 0, tmp, leadingZeros, tmp.Length - leadingZeros);
+            Array.Clear(bytes, 0, bytes.Length);
             return tmp;
         }
 

From 7c369e9138cc10c3b41edfbd5cbdb21d37b87625 Mon Sep 17 00:00:00 2001
From: Shargon <shargon@gmail.com>
Date: Wed, 26 Jun 2019 08:49:59 +0200
Subject: [PATCH 3/4] Other

---
 neo/Wallets/Wallet.cs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/neo/Wallets/Wallet.cs b/neo/Wallets/Wallet.cs
index 6358a02995..5717e30655 100644
--- a/neo/Wallets/Wallet.cs
+++ b/neo/Wallets/Wallet.cs
@@ -148,12 +148,19 @@ public static byte[] GetPrivateKeyFromNEP2(string nep2, string passphrase, int N
                 throw new FormatException();
             byte[] addresshash = new byte[4];
             Buffer.BlockCopy(data, 3, addresshash, 0, 4);
-            byte[] derivedkey = SCrypt.DeriveKey(Encoding.UTF8.GetBytes(passphrase), addresshash, N, r, p, 64);
+            byte[] datapassphrase = Encoding.UTF8.GetBytes(passphrase);
+            byte[] derivedkey = SCrypt.DeriveKey(datapassphrase, addresshash, N, r, p, 64);
+            Array.Clear(datapassphrase, 0, datapassphrase.Length);
             byte[] derivedhalf1 = derivedkey.Take(32).ToArray();
             byte[] derivedhalf2 = derivedkey.Skip(32).ToArray();
+            Array.Clear(derivedkey, 0, derivedkey.Length);
             byte[] encryptedkey = new byte[32];
             Buffer.BlockCopy(data, 7, encryptedkey, 0, 32);
+            Array.Clear(data, 0, data.Length);
             byte[] prikey = XOR(encryptedkey.AES256Decrypt(derivedhalf2), derivedhalf1);
+            Array.Clear(encryptedkey, 0, encryptedkey.Length);
+            Array.Clear(derivedhalf1, 0, derivedhalf1.Length);
+            Array.Clear(derivedhalf2, 0, derivedhalf2.Length);
             ECPoint pubkey = Cryptography.ECC.ECCurve.Secp256r1.G * prikey;
             UInt160 script_hash = Contract.CreateSignatureRedeemScript(pubkey).ToScriptHash();
             string address = script_hash.ToAddress();

From 3720927bef09eca3f16760882e0b33c5443e5566 Mon Sep 17 00:00:00 2001
From: Shargon <shargon@gmail.com>
Date: Wed, 26 Jun 2019 12:01:33 +0200
Subject: [PATCH 4/4] Update Wallet.cs

---
 neo/Wallets/Wallet.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/neo/Wallets/Wallet.cs b/neo/Wallets/Wallet.cs
index 5717e30655..fc490dbea7 100644
--- a/neo/Wallets/Wallet.cs
+++ b/neo/Wallets/Wallet.cs
@@ -158,7 +158,6 @@ public static byte[] GetPrivateKeyFromNEP2(string nep2, string passphrase, int N
             Buffer.BlockCopy(data, 7, encryptedkey, 0, 32);
             Array.Clear(data, 0, data.Length);
             byte[] prikey = XOR(encryptedkey.AES256Decrypt(derivedhalf2), derivedhalf1);
-            Array.Clear(encryptedkey, 0, encryptedkey.Length);
             Array.Clear(derivedhalf1, 0, derivedhalf1.Length);
             Array.Clear(derivedhalf2, 0, derivedhalf2.Length);
             ECPoint pubkey = Cryptography.ECC.ECCurve.Secp256r1.G * prikey;