Solidity is a statically-typed, high-level, object-oriented programming language designed for developing smart contracts on the Ethereum Virtual Machine (EVM). Whether you’re a fresher entering the blockchain space or an experienced developer preparing for a senior role, this comprehensive guide covers essential Solidity interview questions across all difficulty levels.
Basic Level Questions (Freshers)
1. What is Solidity?
Solidity is a statically-typed, high-level programming language specifically designed for developing smart contracts that run on the Ethereum Virtual Machine (EVM). It enables developers to create self-executing contracts with business logic embedded directly into the blockchain.
2. What are the main components of a Solidity smart contract?
A Solidity contract consists of several key components:
- Pragma statement: Specifies the required version of the Solidity compiler
- State variables: Store the contract’s data persistently on the blockchain
- Constructor: A special function called once at contract deployment to initialize state variables
- Functions: Define the logic and behavior of the contract
- Modifiers: Reusable code snippets that modify function behavior or enforce restrictions
- Events: Custom data structures that emit transaction logs for external monitoring
3. Explain the difference between private, internal, public, and external functions in Solidity.
Private functions can only be called within the same contract. Internal functions can be called within the same contract and by derived contracts. Public functions can be called from anywhere—internally, externally, or by other contracts. External functions can only be called from outside the contract, not internally (unless called through this.functionName()).
4. What is the difference between storage and memory variables in Solidity?
Storage variables are permanent and reside on the blockchain, persisting between function calls. Memory variables are temporary and exist only during function execution. Storage is significantly more expensive in terms of gas costs compared to memory, making it important to optimize which data type you use for different scenarios.
5. What is a smart contract?
A smart contract is a self-executing program deployed on the blockchain that automatically enforces and executes agreements when predetermined conditions are met. Smart contracts remove the need for intermediaries and enable trustless transactions across multiple parties.
6. Why is Solidity used in blockchain development?
Solidity is used because it enables developers to create smart contracts for automated transactions on the blockchain. It supports various use cases including multi-signature wallets, voting systems, auctions, crowdfunding, and other decentralized applications. Smart contracts automate business logic and reduce reliance on centralized intermediaries.
7. What does the Solidity compiler do?
The Solidity compiler translates human-readable Solidity code into bytecode, which is low-level machine code understood by the Ethereum Virtual Machine (EVM). The compiler also generates the Application Binary Interface (ABI), which defines how external applications can interact with the contract. The compiler includes optimization techniques to improve contract efficiency and reduce gas costs.
8. Define visibility modifiers in Solidity.
Visibility modifiers control access to functions and variables. Public members are accessible everywhere. Private members are only accessible within the contract. Internal members are accessible within the contract and by derived contracts. External members are only callable from outside the contract. These modifiers are essential for data access control and security.
9. What is the purpose of the constructor in a Solidity contract?
A constructor is a special function executed exactly once when the contract is deployed on the blockchain. It is primarily used to initialize state variables with their starting values. Constructors are essential for setting up the initial state of a contract and configuring any necessary parameters at deployment time.
10. What are events in Solidity?
Events are custom data structures that emit transaction logs to the blockchain, allowing external applications and listeners to monitor contract activity and state changes. Events are more gas-efficient than storing data directly in state variables for logging purposes. They enable off-chain applications to react to on-chain state changes in real-time.
Intermediate Level Questions (1–3 years experience)
11. Explain the concept of modifiers in Solidity and provide an example use case.
Modifiers are reusable code snippets that modify function behavior, commonly used to enforce access restrictions or validate inputs before function execution. For example, an onlyOwner modifier can restrict certain functions to be called only by the contract owner:
modifier onlyOwner() {
require(msg.sender == owner);
_;
}
function withdrawFunds() public onlyOwner {
// Only owner can execute this
}Modifiers reduce code duplication and improve security by centralizing access control logic.
12. What is the difference between call, delegatecall, and staticcall?
call executes a function in another contract in the context of that contract, changing its state if needed. delegatecall executes code from another contract but within the calling contract’s context, meaning state changes affect the calling contract’s storage. staticcall is similar to call but reverts if the called function attempts to modify state. The choice between these depends on your use case: proxy patterns typically use delegatecall, while external interactions typically use call.
13. How do you approach testing a Solidity smart contract?
Testing is critical for smart contract security because user funds are directly tied to code correctness. Popular testing frameworks like Truffle and Hardhat enable developers to write unit tests simulating various scenarios. A robust testing approach involves testing normal functionality, edge cases, and potential security vulnerabilities. Testing should verify that contract behavior matches specifications and identify potential attack vectors before deployment.
14. What is the difference between create and create2 in Solidity?
create deploys a new contract and assigns it an address based on the deployer’s address and nonce. create2 allows you to predict the contract’s address before deployment using a salt parameter, enabling deterministic address generation. create2 is useful for proxy patterns and scenarios where you need to know a contract’s address in advance.
15. Explain the concept of gas and why it matters in Solidity development.
Gas is the computational cost of executing operations on the Ethereum network, measured in wei. Every operation consumes a specific amount of gas, and users pay for this gas to execute transactions. Gas optimization is crucial because high gas costs make contracts expensive to use. Developers must understand which operations are gas-efficient and structure contracts to minimize unnecessary computation and storage operations.
16. What major change happened with arithmetic in Solidity 0.8.0?
Solidity 0.8.0 introduced automatic overflow and underflow checking for arithmetic operations. In earlier versions, integers could silently overflow or underflow without triggering errors. Now, operations that would overflow or underflow automatically revert with an error, significantly improving contract security and eliminating the need for external SafeMath libraries.
17. What is a proxy contract and how does it work?
A proxy contract forwards function calls to an implementation contract while maintaining its own storage. This pattern enables contract upgradability by changing the implementation contract address without losing state data. Proxy contracts use delegatecall to execute code from the implementation contract within the proxy’s context, allowing state to persist across upgrades.
18. Describe the role of the ABI (Application Binary Interface) in Solidity contracts.
The ABI is a JSON representation of a contract’s interface, generated by the Solidity compiler. It specifies all functions, their parameters, return types, and events. External applications, wallets, and other contracts use the ABI to understand how to interact with a deployed contract. Without the ABI, external systems cannot properly call contract functions.
19. What are mappings in Solidity and how do they differ from arrays?
Mappings are key-value data structures that map keys to values, providing O(1) lookup time and not storing keys explicitly. Arrays are ordered collections with indexed access. Mappings cannot be iterated over directly and don’t have a length property. Arrays can be iterated but have higher gas costs for large datasets. Use mappings for efficient lookups and arrays when you need ordered data or iteration.
20. Explain the concept of inheritance in Solidity.
Inheritance allows a contract to inherit properties and functions from a base contract, enabling code reuse and abstraction. Solidity supports multiple inheritance, where a contract can inherit from multiple base contracts. Derived contracts can override parent functions, and the super keyword allows calling parent function implementations. Inheritance is essential for building modular and maintainable smart contract systems.
Advanced Level Questions (3+ years experience)
21. What is a sandwich attack and how can you defend against it?
A sandwich attack occurs when a malicious actor observes a pending transaction in the mempool, places their own transaction before it to profit from price movements, then places another transaction after to complete the attack. This is particularly relevant in decentralized exchanges. Defenses include using commit-reveal schemes, private mempools, or MEV-resistant protocols that prevent transaction ordering exploitation.
22. Explain the difference between Dutch and English auctions in a smart contract context.
An English auction starts at a low price and increases as bidders compete, with the highest bidder winning. A Dutch auction starts at a high price and decreases over time until someone accepts the price. In smart contracts, English auctions typically require multiple rounds of bidding and gas-efficient storage of bids, while Dutch auctions are simpler to implement as the price follows a predetermined formula and buyers trigger execution at their desired price.
23. What is fixed-point arithmetic in Solidity and when would you use it?
Fixed-point arithmetic represents decimal numbers using integers, with a fixed number of digits reserved for the fractional part. Solidity doesn’t natively support floating-point numbers, making fixed-point arithmetic essential for precise financial calculations. For example, representing prices with 18 decimal places allows accurate token pricing. Libraries like ABDKMath64x64 provide fixed-point arithmetic operations, though they require careful implementation to avoid precision loss.
24. Describe an ERC20 approval frontrunning attack and how to mitigate it.
In an ERC20 approval frontrunning attack, a malicious spender observes a transaction that increases their allowance and frontruns it by spending their current allowance before the new allowance takes effect, then the new allowance becomes available, allowing them to spend both amounts. Mitigation strategies include using increaseAllowance and decreaseAllowance functions instead of directly setting approval amounts, or requiring users to reset approval to zero before increasing it.
25. What opcode accomplishes address(this).balance in Solidity?
The SELFBALANCE opcode returns the balance of the current contract. In lower-level EVM operations, SELFBALANCE is more gas-efficient than the BALANCE opcode used for other addresses. In Solidity, address(this).balance uses SELFBALANCE when referring to the current contract’s balance, making it a gas-optimized way to check contract balance compared to this.balance in older code.
26. How many arguments can a Solidity event have?
A Solidity event can have up to 17 arguments total. However, only the first 3 arguments can be marked as indexed, which makes them searchable in event logs. These indexed parameters are stored in the event’s topics rather than in the data field, allowing efficient filtering and querying of events. Non-indexed parameters are stored in the event data field.
27. What is an anonymous event in Solidity and why would you use it?
An anonymous event is declared with the anonymous keyword and does not include the event signature as a topic in the log. This saves gas and allows developers to use the first topic for custom data instead of the event signature. Anonymous events are useful when you want to optimize gas costs or create custom event filtering logic, though they reduce discoverability since off-chain tools cannot easily identify them without additional context.
28. Under what circumstances can a function receive a mapping as an argument in Solidity?
A function cannot directly receive a mapping as an argument because mappings can only exist in storage, not in memory or calldata. However, you can pass storage references to mappings through internal function calls within the same contract. This limitation exists because mappings don’t have a fixed size and cannot be copied or passed through function boundaries. To work with mappings across contracts, you must interact through external calls and pass the data through other data structures like arrays or structs.
29. What is an inflation attack in the context of ERC4626 vaults?
An inflation attack in ERC4626 vaults exploits the conversion between shares and assets. An attacker deposits a small amount of assets, directly transfers additional assets to the vault without minting shares, then withdraws, causing early depositors with small balances to lose precision in share calculations due to rounding. The attacker profits from the rounding down that occurs in share calculation. Mitigation includes using a larger minimum deposit or implementing virtual shares and assets to prevent share price manipulation.
30. Explain the concept of a nullifier in zero-knowledge proofs and its use case in Solidity contracts.
A nullifier is a unique identifier that prevents the same zero-knowledge proof from being used twice, ensuring one-time usage of private information. In Solidity contracts implementing privacy features, nullifiers are stored in a mapping to track which proofs have already been consumed. When a user submits a proof, the contract checks if the nullifier has been used before. If not, the contract processes the action and marks the nullifier as spent, preventing replay attacks and double-spending in privacy-preserving protocols.
31. What is SECP256K1 and how does it relate to Solidity?
SECP256K1 is an elliptic curve cryptography algorithm used for digital signatures in Ethereum and Bitcoin. While not directly used in Solidity code, it’s the underlying cryptographic standard for Ethereum accounts and signatures. Solidity provides the ecrecover function to verify SECP256K1 signatures, enabling meta-transactions and signature-based authentication schemes. Understanding SECP256K1 is essential for implementing advanced security patterns in smart contracts.
32. Why shouldn’t you fetch price data directly from Uniswap V3’s slot0 in production contracts?
slot0 contains the current price in a Uniswap V3 pool but is vulnerable to flash loan attacks and manipulation. Malicious actors can use large flash loans to temporarily manipulate the price, extract value, and repay the loan in the same transaction. Production contracts should use time-weighted average prices (TWAP) or Oracle solutions like Chainlink to get reliable price feeds resistant to manipulation. Fetching directly from slot0 exposes contracts to significant financial risks.
33. Describe how to compute the 9th root of a number on-chain in Solidity.
Computing fractional roots on-chain requires iterative algorithms since Solidity works with integers. One approach is using Newton’s method iteratively to approximate the 9th root, or using binary search to find the value that when raised to the 9th power equals the target number. Another approach involves using fixed-point arithmetic libraries that support fractional exponentiation. Given gas constraints, off-chain computation with on-chain verification through zero-knowledge proofs is often more practical for complex mathematical operations.
34. What is the danger of using return in assembly outside of a Solidity function that has a modifier?
Using return in inline assembly can bypass modifiers and their associated validation logic. When return is used in assembly within a function protected by modifiers, it may exit the function without executing the modifier’s post-execution logic (the code after the _; placeholder). This can lead to security vulnerabilities where access control or state consistency checks are bypassed, potentially allowing unauthorized actions or leaving the contract in an inconsistent state.
