Solidity references
Solidity is the dominant high-level, statically typed, object-oriented language for writing smart contracts that run on the Ethereum Virtual Machine (EVM) and EVM-compatible chains (including Layer 2s like Arbitrum). It powers the vast majority of DeFi, NFTs, DAOs, and other onchain applications.
Official documentation
These are the authoritative, always-current references.
- Solidity documentation: The single most important resource. Two sections are must reads:
- Solidity by Example
- Security Considerations
- Solidity Language Portal: Overview, translations, links to the compiler/repo.
- Ethereum.org developer docs: Smart contracts, EVM, testing, compiling, security, and the full stack. Excellent companion to the Solidity docs.
- Official GitHub Repository: Compiler source, issues, releases, and vulnerability reporting.
Learning paths and courses
The ecosystem moves fast; high-quality, free project-based courses outperform most books (which are slow to market).
- Cyfrin Updraft (Patrick Collins): Beginner-to-advanced, heavily project-based, uses Foundry from the start. Includes security/auditing tracks.
- RareSkills Ultimate Solidity Course: In-depth, trusted by security experts and auditors. Strong on real-world patterns and protocol walkthroughs.
- CryptoZombies: Classic interactive game-based introduction. A little outdated, but still excellent for absolute beginners to learn syntax and basic patterns quickly.
- Alchemy University: Online education platform for blockchain and Web3 development courses.
- Risein: Online education for blockchain and Web3 development courses.
- HackQuest: Ethereum development.
- LearnWeb3: Ethereum specific developer learning.
- Ethernaut: Interactive smart contract hacking game.
Paid courses
Development frameworks and tooling
- Foundry (Rust-based): Excellent fuzzing, mainnet forking, and cheat codes. Preferred by security researchers and DeFi protocols.
- Hardhat: JavaScript/TypeScript-first. Hardhat 3 brings a Rust-powered runtime for big performance gains. Outstanding stack traces, console.log in Solidity, vast plugin ecosystem (verification, gas reporter, etc.). Great for teams with frontend/web devs.
- Remix IDE (browser-based): Zero-setup prototyping, debugging, and deployment. Perfect for quickstarts and learning.
Other tools: VS Code + Solidity extensions, Slither (static analysis, integrates with Foundry), Etherscan/Blockscout for verification.
Security best practices and auditing
Security is non-negotiable—most exploits stem from reentrancy, access control, integer issues, oracle problems, or upgrade logic.
Core resources
- Solidity Docs → Security Considerations section.
- ConsenSys Diligence Smart Contract Best Practices
- OWASP Smart Contract Top 10
- OpenZeppelin Ethernaut
- Trail of Bits “Building Secure Contracts” GitHub repo
- Cyfrin Updraft Security & Auditing track
Libraries and standards
- OpenZeppelin Contracts: The gold standard for ERC-20/721/1155, access control (Ownable, Roles), upgradeable proxies (UUPS/Transparent), pausability, etc. Always audit your usage and prefer their implementations over custom code. OpenZeppelin GitHub repo.
Community, forums, ongoing learning
- Ethereum Stack Exchange: Best for technical Q&A
- awesome-solidity GitHub repo: Curated list of repos, tools, and examples
GitHub repositories worth studying
- Official compiler and examples
- OpenZeppelin/openzeppelin-contracts (read every line eventually).
- foundry-rs/forge-std
- NomicFoundation/hardhat
- ethereum/EIPs (track changes affecting the EVM/Solidity).
- Protocol repos (Uniswap, Aave, etc.) for real-world patterns.