Introduction
Welcome to the Senior Engineer's Solidity book.
Ethereum development practices have rapidly shifted over the years. The published educational content tends to lag behind the current industry best practices. Historically, the best developers have not been able to allocate time on writing about how they became so good.
With this book, we hope to provide an up to date list of techniques that must be part of your development toolkit.
Due to the rapid evolution of the space, we expect this to be a living document. If you enjoy this resource and would like to contribute back to it, take a look at the Github Issues.
If you already think you can navigate your way around Solidity and Hardhat, you can jump on to the next chapter. If not, read below.
I do not know anything. Where do I start?
Instead of re-hashing content which has been written about before, we instead provide a curated list of topics that we'll assume familiarty with from the reader.
-
How does Ethereum work?
-
Basic Solidity (to write smart contracts):
- CryptoZombies: A gentle introduction to Solidity via an interactive code school.
- Solidity Documentation: The documentation is always up to date with the latest Solidty changes and syntax. It provides a great end-to-end description of the language. You MUST have read this resource in its entirety.
- Solidity by Example: A tour through Solidity's syntax via a set of illustrative examples.
- Learn Solidity in Y minutes One-page example on Solidity's syntax.
- Solidity Cheatsheet A cheatsheet.
-
Hardhat & Typescript (to develop and test locally):
- Hardhat Documentation: Hardhat is a smart contract development framework providing utilities for compiling, testing and deploying smart contracts written in Solidity with Javascript (JS) and Typescript (TS).
- Ethers.js Documentation: Ethers.js is the most widely used and flexible development library for interacting with Ethereum from JS and TS
- Typescript cheatsheet: We will be using TS instead of JS in order to leverage types to make our code more robust.
- Solidity Template: An opinionated Hardhat + TS repository set up including boilerplate and other popular tools
-
Smart contract patterns (to learn about the fundamental smart contract building blocks):
- Solidity Patterns (code): A curated list of patterns which you will encounter in the wild.
- OpenZeppelin (code): A library of secure smart contracts ranging from access control, tokens, governance, proxies and more.
-
Smart contract security (to learn about the mistakes others before you made): We emphasize the need to be familiar with the concepts in the links below. Security must be the number one priority in any smart contract developer's mindset.
- Smart Contract Security Best Practices A timeless must-read resource on "how to write secure smart contracts".
- Reports by security auditors:
Setting up your development environment
Libraries / CLIs
Throughout the guide, we'll be using Solidity and Hardhat. Thankfully, we only require having NodeJS installed globally. Everything else will be happening within a Node package, and as a result the dependencies will be isolated there.
We recommend using nvm to install and manage node versions as you may encounter tooling that requires having versions other than the one you have installed.
Additional Tooling
- Slither (video guide): A static analyzer which will find low-hanging fruit issues in your code.
- Echidna (tutorial): An Ethereum smart contract fuzzer, used for uncovering edge cases.
- prettier-solidity (Example Configuration): A Prettier plugin for automatically formatting your Solidity code.
Plugins for editors
Syntax highlighting is provided in the following plugins per editor:
In addition, there's a few useful VS Code plugins:
As of Solidity v0.8.11 you can configure the Solidity Language Server to report errors and warnings. However, this preview version of the Language Server is still a work in progress and features such as automatic code completion have not yet been added.
Principles
From a high level, you should be thinking of smart contract programming as programming critical infrastructure software. What makes them very powerful is that even less than a hundred lines of Solidity can contain code which secures millions of dollars. If your contracts are not upgradeable,
There's a few high-level rules one should follow when developing smart contracts:
- Avoid inheritance
- Straight forward control flow
- Ideally each file <300 LOC
- YAGNI
- Keep only whats necessary, convenience funcs can live elsewhere
- Fuzz, invariant test, symbolically execute and audit the shit out of everything