Hashtag Web3 Logo
← Web3 Glossary

Solidity

The most popular programming language for writing smart contracts on Ethereum and EVM-compatible blockchains, designed for creating decentralized applications.

Smart ContractsIntermediate
Programming code for smart contracts

Solidity is a statically-typed, object-oriented programming language designed specifically for writing smart contracts on the Ethereum Virtual Machine (EVM). Created in 2014 by Gavin Wood and Christian Reitwiessner, Solidity combines syntax familiar to developers who know JavaScript and C++ with blockchain-specific features like built-in cryptocurrency handling and cryptographic functions. Solidity is widely used for decentralized applications, including Uniswap, a decentralized exchange. Beyond Ethereum, Solidity code runs on networks like Polygon, Arbitrum, and BNB Chain, making it the standard for multi-chain development. Proficiency in Solidity is a sought-after skill in Web3 job postings.

Why Solidity Exists

Traditional programming languages weren't designed for blockchain's unique constraints:

  • Immutability: Once deployed, smart contracts cannot be changed without upgrade patterns.
  • Gas Costs: Every operation costs gas, requiring optimization.
  • Determinism: Code must produce identical results across all nodes.
  • Value Transfer: Language needs built-in support for cryptocurrency handling.
  • Security: Bugs can result in significant financial losses.

Solidity addresses these blockchain-specific needs with features like:

  • Gas-aware optimizations
  • Built-in Ether handling
  • Event logging for off-chain indexing
  • Modifier patterns for access control
  • Special address types and mappings

Language Basics

  • File Structure:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract MyToken {
 string public name = "MyToken";
 mapping(address => uint256) public balances;

 function transfer(address to, uint256 amount) public {
 require(balances[msg.sender] >= amount, "Insufficient balance");
 balances[msg.sender] -= amount;
 balances[to] += amount;
 }
}
  • Key Elements:
  • pragma: Specifies compiler version.
  • contract: Defines a smart contract, similar to a class.
  • State variables: Stored permanently on the blockchain.
  • Functions: Execute logic and modify state.
  • msg.sender: Built-in variable for transaction sender.
  • require: Validation that reverts if condition fails.

Data Types

  • Value Types:

  • bool: true/false

  • uint: Unsigned integers (uint8 to uint256)

  • int: Signed integers

  • address: 20-byte Ethereum address

  • bytes: Fixed or dynamic byte arrays

  • string: UTF-8 encoded text

  • Reference Types:

  • arrays: Fixed or dynamic lists

  • mappings: Key-value stores, like hash tables

  • structs: Custom data structures

  • Special Types:

  • address payable: Can receive Ether

  • enum: Enumerated types for state machines

  • Example:

contract DataTypes {
 address public owner;
 uint256 public totalSupply;
 mapping(address => uint256) public balances;
 struct User {
 string name;
 uint256 age;
 bool active;
 }
}

Functions and Visibility

  • Visibility Specifiers:

  • public: Callable internally and externally

  • external: Only callable from outside

  • internal: Only within contract and derived contracts

  • private: Only within current contract

  • State Mutability:

  • view: Reads state but doesn't modify

  • pure: Neither reads nor modifies state

  • payable: Can receive Ether

  • Example:

function getBalance(address user) public view returns (uint256) {
 return balances[user];
}

function deposit() public payable {
 balances[msg.sender] += msg.value;
}

Modifiers

Modifiers add reusable checks to functions:

modifier onlyOwner() {
 require(msg.sender == owner, "Not authorized");
 _; // Function body executes here
}

function withdraw() public onlyOwner {
 // Only owner can execute
}

Common modifier patterns include:

  • Access control (onlyOwner, onlyAdmin)
  • Reentrancy guards
  • Pausing mechanisms
  • Time locks

Events

Events log information for off-chain applications to react to:

event Transfer(address indexed from, address indexed to, uint256 value);

function transfer(address to, uint256 amount) public {
 // ... transfer logic
 emit Transfer(msg.sender, to, amount);
}

Events are cheaper than storage and essential for:

  • DApp front-ends monitoring activity
  • Analytics and indexing
  • Transaction receipts
  • Historical lookups

Inheritance

Solidity supports multiple inheritance:

contract ERC20 {
 function transfer(address to, uint256 amount) public virtual {
 // Base implementation
 }
}

contract MyToken is ERC20 {
 function transfer(address to, uint256 amount) public override {
 // Custom implementation
 super.transfer(to, amount);
 }
}

This enables code reuse through:

  • OpenZeppelin contracts, which are standardized and audited implementations
  • Abstract contracts defining interfaces
  • Libraries for common functionality

Interfaces

Define contract structure without implementation:

interface IERC20 {
 function transfer(address to, uint256 amount) external returns (bool);
 function balanceOf(address account) external view returns (uint256);
}

contract MyContract {
 function interactWith(IERC20 token) public {
 uint256 balance = token.balanceOf(address(this));
 }
}

Interfaces are important for contract composability, allowing interaction with any contract implementing the interface.

Libraries

Reusable code deployed once and used by many contracts:

library SafeMath {
 function add(uint256 a, uint256 b) internal pure returns (uint256) {
 uint256 c = a + b;
 require(c >= a, "Overflow");
 return c;
 }
}

contract MyContract {
 using SafeMath for uint256;

 function calculate(uint256 a, uint256 b) public pure returns (uint256) {
 return a.add(b);
 }
}

OpenZeppelin libraries provide implementations for:

  • Math operations
  • Access control
  • Token standards
  • Security patterns

Error Handling

  • require: Validates inputs and conditions, refunds remaining gas.
  • revert: Similar to require but can include custom errors.
  • assert: Checks for internal errors, consumes all gas.
// Before Solidity 0.8.4
require(balance >= amount, "Insufficient balance");

// Custom errors (0.8.4+)
error InsufficientBalance(uint256 available, uint256 required);

function transfer(uint256 amount) public {
 if (balance < amount) {
 revert InsufficientBalance(balance, amount);
 }
}

Custom errors save gas compared to string messages.

Gas Optimization Techniques

Solidity developers must optimize for gas costs:

  • Storage vs Memory: Storage is expensive, memory is cheaper.
// Expensive: Multiple storage reads
function badLoop() public {
 for (uint i = 0; i < users.length; i++) {
 // Each users.length is a storage read
 }
}

// Optimized: Cache in memory
function goodLoop() public {
 uint256 length = users.length; // One storage read
 for (uint i = 0; i < length; i++) {
 // Uses memory variable
 }
}
  • Variable Packing: Pack multiple small variables into a single storage slot.
// Uses 3 storage slots (expensive)
uint128 a;
uint256 b;
uint128 c;

// Uses 2 storage slots (cheaper)
uint128 a;
uint128 c;
uint256 b;
  • Short-Circuit Evaluation: Order conditions to fail fast.
  • Use events not storage: Where possible, emit events instead of storing data.
  • External vs Public: External functions are cheaper for external calls.

Security Considerations

  • Reentrancy: An attacker calls back into the contract before state updates.
// Vulnerable
function withdraw() public {
 uint256 amount = balances[msg.sender];
 (bool success,) = msg.sender.call{value: amount}("");
 require(success);
 balances[msg.sender] = 0; // Too late!
}

// Secure: Checks-Effects-Interactions pattern
function withdraw() public {
 uint256 amount = balances[msg.sender];
 balances[msg.sender] = 0; // Update state first
 (bool success,) = msg.sender.call{value: amount}("");
 require(success);
}
  • Integer Overflow: Solidity 0.8+ has built-in overflow protection.
  • Access Control: Always validate msg.sender for privileged functions.
  • Oracle Manipulation: Validate external data sources.
  • Front-Running: Be aware of MEV and transaction ordering.

The DAO hack and Parity wallet freeze demonstrate the critical importance of secure Solidity code.

Development Tools

  • Hardhat: Popular development environment for testing and deployment.

  • Foundry: Rust-based toolkit for fast, Solidity-native testing.

  • Remix: Browser-based IDE for learning and quick prototyping.

  • Truffle: Older framework still widely used.

  • Testing:

const { expect } = require("chai");

describe("Token", function () {
 it("Should transfer tokens", async function () {
 const Token = await ethers.getContractFactory("MyToken");
 const token = await Token.deploy();
 await token.transfer(addr1.address, 50);
 expect(await token.balanceOf(addr1.address)).to.equal(50);
 });
});

Solidity Versions and Evolution

  • Major Updates:
  • 0.4.x: Early production versions.
  • 0.5.x: Breaking changes improving safety.
  • 0.6.x: Improved syntax.
  • 0.7.x: More security features.
  • 0.8.x: Built-in overflow protection and custom errors.

Always specify the exact version or tight range:

pragma solidity 0.8.19; // Exact
pragma solidity ^0.8.0; // Compatible with 0.8.x

Breaking changes between versions mean older contracts need updates.

EVM Compatibility

Solidity compiles to EVM bytecode, making it portable across:

  • Ethereum mainnet
  • Layer 2s (Arbitrum, Optimism)
  • Sidechains (Polygon, BNB Chain)
  • Alt-L1s (Avalanche C-Chain, Fantom)

One codebase can deploy across multiple chains, though gas costs and available opcodes may vary slightly.

Alternatives to Solidity

  • Vyper: Python-like syntax, prioritizes security and auditability.
  • Rust: Used for Solana and NEAR smart contracts.
  • Move: Used in Aptos and Sui, designed for asset-oriented programming.
  • Cairo: StarkNet's language for ZK proofs.

Solidity remains dominant with the largest developer community and most tooling.

Career Opportunities

  • Solidity Developer: Writes smart contracts for DeFi, NFTs, and DAOs. High demand exists, especially for those with security expertise.

  • Smart Contract Auditor: Reviews code for vulnerabilities. This role is critical given the stakes involved.

  • Protocol Engineer: Designs complex protocol interactions, optimizes gas, and implements upgrade patterns.

  • Blockchain Architect: Plans contract architecture, selects design patterns, and oversees development teams.

  • DevRel Engineer: Creates tutorials, documentation, and sample contracts to help developers adopt protocols.

  • Solidity Instructor: Teaches bootcamps, creates courses, and writes educational content.

  • Security Researcher: Finds vulnerabilities, participates in bug bounties, and publishes security research.

Learning Path

  1. Basics: Variables, functions, control flow.
  2. Intermediate: Inheritance, interfaces, events, error handling.
  3. Advanced: Gas optimization, security patterns, upgrade mechanisms.
  4. Expert: Complex protocols, cross-contract interactions, novel patterns.
  • Resources:
  • Solidity documentation (official)
  • CryptoZombies (interactive tutorials)
  • OpenZeppelin contracts (code examples)
  • Ethernaut (security challenges)
  • Immunefi (bug bounties for practice)

Mastering Solidity opens doors to high-paying programming roles in tech. Understanding Solidity deeply, from language features to gas optimization to security patterns, is essential for a successful blockchain development career. The ecosystem continues to evolve with new patterns, tools, and best practices.

Find Solidity Jobs

Explore positions at companies working with Solidity technology

Browse open roles

Learn More

Read in-depth articles and guides about Web3 careers and technology

Explore the blog