Further Reading: Solidity Programming

Official Documentation

  • Solidity Documentation (docs.soliditylang.org) — The authoritative reference for the Solidity language. The "Solidity by Example" section is particularly useful for seeing patterns in context. The "Security Considerations" section should be read in its entirety before writing any contract intended for production.

  • Ethereum Improvement Proposal 20 (EIP-20) (eips.ethereum.org/EIPS/eip-20) — The original ERC-20 standard. Reading the actual EIP, including the discussion and rationale sections, provides insight into the design tradeoffs that shaped the most important standard in the Ethereum ecosystem.

  • Hardhat Documentation (hardhat.org/docs) — Comprehensive guide to the Hardhat development environment, including compilation, testing, deployment, and debugging. The "Hardhat Network" section explains the local blockchain simulator used in this chapter's testing section.

Books

  • Antonopoulos, Andreas M. and Gavin Wood. Mastering Ethereum. O'Reilly Media, 2018. Chapter 7 ("Smart Contracts and Solidity") and Chapter 12 ("DApps") remain valuable for understanding the architecture underlying Solidity development, though some syntax has changed since publication (the book covers Solidity 0.4.x-0.5.x).

  • Zheng, Gavin, Longxiang Gao, Liqun Huang, and Jian Guan. Blockchain Challenges and Opportunities. Springer, 2022. Provides academic context for the engineering challenges of smart contract development, including formal verification and security analysis.

Security Resources

  • OpenZeppelin Contracts (github.com/OpenZeppelin/openzeppelin-contracts) — The gold-standard library for secure smart contract development. Reading the ERC-20 implementation (contracts/token/ERC20/ERC20.sol) alongside this chapter's from-scratch implementation reveals the additional safety checks and gas optimizations that a production library provides.

  • Smart Contract Weakness Classification (SWC) Registry (swcregistry.io) — A catalogue of known smart contract vulnerability patterns, each with a description, code example, and remediation guidance. Essential reference for understanding what can go wrong.

  • Trail of Bits: "Building Secure Smart Contracts" (github.com/crytic/building-secure-contracts) — A practical guide from one of the leading smart contract security firms. Covers testing methodologies, common vulnerability patterns, and tool-assisted analysis.

  • Consensys: "Ethereum Smart Contract Best Practices" (consensys.github.io/smart-contract-best-practices) — A community-maintained guide covering known attacks (reentrancy, front-running, denial of service) and defensive coding patterns.

Tutorials and Courses

  • CryptoZombies (cryptozombies.io) — An interactive tutorial that teaches Solidity through building a game. Excellent for reinforcing the concepts from this chapter in a gamified format. Covers Solidity basics through advanced topics over six "lessons."

  • Ethernaut by OpenZeppelin (ethernaut.openzeppelin.com) — A series of increasingly difficult smart contract hacking challenges. Each level presents a vulnerable contract and challenges you to exploit it. Superb for developing security intuition after completing this chapter.

  • Patrick Collins: "Learn Solidity, Blockchain Development, & Smart Contracts" (available on YouTube and Cyfrin Updraft) — A comprehensive, free video course covering Solidity from basics through advanced DeFi development. Updated regularly to reflect current tooling and best practices.

Standards and Extensions

  • EIP-721: Non-Fungible Token Standard (eips.ethereum.org/EIPS/eip-721) — The standard for NFTs, building on many concepts from ERC-20. Reading ERC-721 after understanding ERC-20 illustrates how the interface-driven approach scales to different token types.

  • EIP-2612: Permit Extension for ERC-20 (eips.ethereum.org/EIPS/eip-2612) — Addresses the two-transaction problem (approve + transferFrom) by allowing gasless approvals via signed messages. Understanding this extension requires the ERC-20 foundation from this chapter.

  • EIP-4626: Tokenized Vault Standard (eips.ethereum.org/EIPS/eip-4626) — A standard for yield-bearing tokens built on top of ERC-20. Demonstrates how ERC-20's composability enables increasingly sophisticated financial instruments.

Tools

  • Remix IDE (remix.ethereum.org) — Browser-based Solidity IDE with compilation, deployment, and debugging. Excellent for rapid prototyping and learning, though production projects should use Hardhat or Foundry.

  • Foundry (book.getfoundry.sh) — An alternative to Hardhat that uses Solidity (not JavaScript) for testing. Gaining rapid adoption among experienced developers for its speed and the ability to write tests in the same language as the contracts.

  • Slither (github.com/crytic/slither) — A static analysis tool that detects common vulnerabilities in Solidity code. Running Slither on your contracts before deployment automatically catches many of the pitfalls described in this chapter.

  • Tenderly (tenderly.co) — A debugging and monitoring platform for smart contracts. Provides transaction simulation, gas profiling, and alerting. Particularly useful for understanding why a transaction reverted.

Academic Papers

  • Atzei, Nicola, Massimo Bartoletti, and Tiziana Cimoli. "A Survey of Attacks on Ethereum Smart Contracts." Proceedings of the 6th International Conference on Principles of Security and Trust, 2017. Systematic classification of smart contract vulnerabilities, many of which relate directly to the error-handling and security patterns discussed in this chapter.

  • Chen, Ting, Xiaoqi Li, Xiapu Luo, and Xiaosong Zhang. "Under-optimized Smart Contracts Devour Your Money." IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2017. Empirical study of gas waste patterns in deployed contracts. Provides data supporting the gas optimization techniques introduced in this chapter.