Solidity is the dominant programming language for writing Ethereum smart contracts. A statically-typed, object-oriented language influenced by C++, Python, and JavaScript, Solidity compiles to EVM bytecode — the binary format that runs on every Ethereum node. Virtually every major DeFi protocol, NFT contract, and DAO on Ethereum (and EVM-compatible chains) is written in Solidity.
Key Characteristics
Statically typed: Variable types must be declared at compile time. No implicit type conversions.
Contract-oriented: Code is organized into contract units analogous to classes, containing state variables, functions, events, and modifiers.
EVM target: Compiles to EVM bytecode; inherits EVM constraints (256-bit arithmetic, gas costs, storage model).
Version-specific: Contracts specify a compiler version with pragma solidity ^0.8.0; to prevent compilation with incompatible versions.
Core Language Features
“`solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract SimpleStorage {
uint256 public storedValue; // State variable (stored on blockchain)
event ValueChanged(uint256 newValue); // Event (logged off-chain)
function store(uint256 value) external {
storedValue = value;
emit ValueChanged(value);
}
function retrieve() external view returns (uint256) {
return storedValue;
}
}
“`
Key concepts:
- State variables — Stored permanently on the blockchain (gas-expensive)
- Functions —
view(read-only),pure(no state access),external/public/internal/private - Events — Log data off-chain (cheap); indexed for fast retrieval
- Modifiers — Reusable function guards (e.g.,
onlyOwner) - Mappings — Key-value stores:
mapping(address => uint256) balances - Structs — Custom data types
Security-Critical Patterns
Solidity’s design has produced recurring vulnerability classes:
| Vulnerability | Description | Famous Exploit |
|---|---|---|
| Reentrancy | Contract calls external contract before updating state | The DAO hack (2016, $60M) |
| Integer overflow | Arithmetic wraps around fixed integer bounds | Multiple DeFi hacks (pre-Solidity 0.8) |
| tx.origin auth | Using tx.origin instead of msg.sender for auth | Phishing attacks |
| Unchecked return values | Ignoring failed external calls | Various token transfer bugs |
| Front-running | Transactions visible in mempool before confirmation | DEX sandwich attacks |
Solidity 0.8 (2020) added built-in overflow checking, eliminating the integer overflow class as a default concern. SafeMath libraries (used pre-0.8) are no longer needed for basic arithmetic.
Common Frameworks and Tools
| Tool | Purpose |
|---|---|
| Hardhat | JS testing framework and local development environment |
| Foundry | Rust-based testing framework; fast, Solidity-native tests |
| Remix IDE | Browser-based IDE for quick prototyping |
| OpenZeppelin | Audited contract library (ERC-20, ERC-721, access control) |
| Slither | Static analysis tool for vulnerability detection |
| Mythril | Symbolic execution security scanner |
Alternatives to Solidity
| Language | Target | Notes |
|---|---|---|
| Vyper | EVM | Python-influenced, simpler, more auditable |
| Fe | EVM | Rust-inspired, safety-focused |
| Cairo | StarkNet | ZK-native VM, very different model |
| Rust/Anchor | Solana | Not EVM at all; separate ecosystem |
| Move | Aptos/Sui | Asset-oriented, safety guarantees |
History
- 2014 — Gavin Wood proposes Solidity at Devcon 0 (Berlin). Christian Reitwiessner leads development.
- 2015 — First compiler released alongside Ethereum mainnet launch.
- 2016 — The DAO hack (reentrancy vulnerability) triggers major security focus in the community.
- 2017 — ICO boom; Solidity adoption explodes as thousands of token contracts deployed.
- 2020 — Solidity 0.8 introduces overflow checking; Foundry begins displacing Hardhat as developer preference.
- 2021-present — DeFi protocols, bridges, and NFTs produce billions in hacks, driving demand for formal verification tools.
Social Media Sentiment
Solidity is treated as a necessary but imperfect tool in developer communities. r/ethdev and Ethereum Discord servers are primary support communities. The language is criticized for footguns that have produced billions in hacks, but praised for its massive developer ecosystem and tooling. Foundry’s rise sparked strong community enthusiasm for Solidity testing. Competing ecosystems (Solana, Aptos) argue their native languages are safer; Ethereum developers counter that audited OpenZeppelin libraries and mature tooling compensate.
Last updated: 2026-04
Related Terms
Sources
- Wood, G. (2014). Ethereum: A Secure Decentralised Generalised Transaction Ledger (Yellow Paper). Ethereum Foundation.
- Atzei, N., Bartoletti, M., & Cimoli, T. (2017). A Survey of Attacks on Ethereum Smart Contracts (USENIX 2017). CCS’17 Proceedings.
- ConsenSys Diligence. (2023). Ethereum Smart Contract Security Best Practices. ConsenSys GitHub.