Solidity
Execute these commands after EVERY implementation (see AGENT_AUTOMATION module for full workflow).
11 stars
byhivellm
Best use case
Solidity is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Execute these commands after EVERY implementation (see AGENT_AUTOMATION module for full workflow).
Teams using Solidity should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/solidity/SKILL.md --create-dirs "https://raw.githubusercontent.com/hivellm/rulebook/main/templates/skills/languages/solidity/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/solidity/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Solidity Compares
| Feature / Agent | Solidity | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Execute these commands after EVERY implementation (see AGENT_AUTOMATION module for full workflow).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
<!-- SOLIDITY:START -->
# Solidity Project Rules
## Agent Automation Commands
**CRITICAL**: Execute these commands after EVERY implementation (see AGENT_AUTOMATION module for full workflow).
```bash
# Complete quality check sequence (Hardhat):
npx hardhat compile # Compilation check
npx hardhat test # All tests (100% pass)
npx hardhat coverage # Coverage check
npx slither . # Security analysis
# Or with Foundry:
forge build # Compilation
forge test # All tests
forge coverage # Coverage
slither . # Security scan
# Gas optimization check:
npx hardhat test --gas
```
## Solidity Configuration
**CRITICAL**: Use Solidity 0.8.20+ with strict compiler settings and comprehensive testing.
- **Version**: Solidity 0.8.20+
- **Recommended**: Solidity 0.8.26+
- **Framework**: Hardhat or Foundry
- **Testing**: Hardhat tests or Foundry tests
- **Linter**: Solhint
- **Formatter**: Prettier with prettier-plugin-solidity
- **Security**: Slither, Mythril for static analysis
### hardhat.config.js Requirements
```javascript
require("@nomicfoundation/hardhat-toolbox");
require("hardhat-gas-reporter");
require("solidity-coverage");
module.exports = {
solidity: {
version: "0.8.26",
settings: {
optimizer: {
enabled: true,
runs: 200
},
viaIR: true,
outputSelection: {
"*": {
"*": ["storageLayout"]
}
}
}
},
networks: {
hardhat: {
chainId: 31337
},
localhost: {
url: "http://127.0.0.1:8545"
}
},
gasReporter: {
enabled: true,
currency: "USD",
outputFile: "gas-report.txt"
},
paths: {
sources: "./contracts",
tests: "./test",
cache: "./cache",
artifacts: "./artifacts"
}
};
```
### foundry.toml Requirements (Alternative)
```toml
[profile.default]
src = "src"
out = "out"
libs = ["lib"]
solc = "0.8.26"
optimizer = true
optimizer_runs = 200
via_ir = true
verbosity = 3
[profile.ci]
fuzz = { runs = 10000 }
invariant = { runs = 1000 }
[fmt]
line_length = 100
tab_width = 4
bracket_spacing = true
int_types = "long"
quote_style = "double"
number_underscore = "thousands"
```
## Code Quality Standards
### Mandatory Quality Checks
**CRITICAL**: After implementing ANY feature, you MUST run these commands in order.
**IMPORTANT**: These commands MUST match your GitHub Actions workflows to prevent CI/CD failures!
```bash
# Pre-Commit Checklist - Hardhat (MUST match .github/workflows/*.yml)
# 1. Format check (matches workflow)
npx prettier --check 'contracts/**/*.sol' 'test/**/*.js'
# 2. Lint (MUST pass with no warnings - matches workflow)
npx solhint 'contracts/**/*.sol'
# 3. Compile (matches workflow)
npx hardhat compile
# 4. Run all tests (MUST pass 100% - matches workflow)
npx hardhat test
# 5. Gas report (matches workflow)
REPORT_GAS=true npx hardhat test
# 6. Coverage (MUST meet threshold - matches workflow)
npx hardhat coverage
# 7. Security analysis (matches workflow)
slither .
# or: mythril analyze contracts/MyContract.sol
# Pre-Commit Checklist - Foundry (MUST match .github/workflows/*.yml)
# 1. Format check (matches workflow)
forge fmt --check
# 2. Build (matches workflow)
forge build
# 3. Run all tests (MUST pass 100% - matches workflow)
forge test -vvv
# 4. Coverage (matches workflow)
forge coverage
# 5. Gas snapshot (matches workflow)
forge snapshot --check
# 6. Security analysis (matches workflow)
slither .
# If ANY fails: ❌ DO NOT COMMIT - Fix first!
```
**If ANY of these fail, you MUST fix the issues before committing.**
**Why This Matters:**
- Running different commands locally than in CI causes deployment failures
- Smart contract bugs can lead to financial losses
- Example: Using `prettier --write` locally but `prettier --check` in CI = failure
- Example: Skipping security analysis locally = vulnerabilities deployed to mainnet
- Example: Missing gas optimization = expensive contract operations
### Security Best Practices
**CRITICAL**: Smart contracts handle real value - security is paramount!
```solidity
// ✅ GOOD: Secure patterns
pragma solidity 0.8.26;
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
contract SecureVault is ReentrancyGuard, Ownable {
mapping(address => uint256) private balances;
event Deposit(address indexed user, uint256 amount);
event Withdrawal(address indexed user, uint256 amount);
// Checks-Effects-Interactions pattern
function withdraw(uint256 amount) external nonReentrant {
// Checks
require(amount > 0, "Amount must be positive");
require(balances[msg.sender] >= amount, "Insufficient balance");
// Effects
balances[msg.sender] -= amount;
emit Withdrawal(msg.sender, amount);
// Interactions
(bool success, ) = msg.sender.call{value: amount}("");
require(success, "Transfer failed");
}
function deposit() external payable {
require(msg.value > 0, "Must deposit positive amount");
balances[msg.sender] += msg.value;
emit Deposit(msg.sender, msg.value);
}
function getBalance(address user) external view returns (uint256) {
return balances[user];
}
}
// ❌ BAD: Vulnerable to reentrancy
contract InsecureVault {
mapping(address => uint256) public balances;
function withdraw(uint256 amount) external {
require(balances[msg.sender] >= amount);
// DANGER: External call before state update!
(bool success, ) = msg.sender.call{value: amount}("");
require(success);
balances[msg.sender] -= amount; // TOO LATE - already reentered!
}
}
```
### Testing
- **Framework**: Hardhat (Mocha/Chai) or Foundry (Forge)
- **Location**: `/test` directory
- **Coverage**: Must meet threshold (90%+)
- **Invariant Testing**: Use property-based testing
- **Fork Testing**: Test against mainnet forks
Example Hardhat test:
```javascript
const { expect } = require("chai");
const { ethers } = require("hardhat");
describe("SecureVault", function () {
let vault;
let owner;
let addr1;
let addr2;
beforeEach(async function () {
[owner, addr1, addr2] = await ethers.getSigners();
const Vault = await ethers.getContractFactory("SecureVault");
vault = await Vault.deploy();
await vault.deployed();
});
describe("Deployment", function () {
it("Should set the right owner", async function () {
expect(await vault.owner()).to.equal(owner.address);
});
});
describe("Deposits", function () {
it("Should accept deposits", async function () {
const depositAmount = ethers.utils.parseEther("1.0");
await expect(vault.connect(addr1).deposit({ value: depositAmount }))
.to.emit(vault, "Deposit")
.withArgs(addr1.address, depositAmount);
expect(await vault.getBalance(addr1.address)).to.equal(depositAmount);
});
it("Should reject zero deposits", async function () {
await expect(
vault.connect(addr1).deposit({ value: 0 })
).to.be.revertedWith("Must deposit positive amount");
});
});
describe("Withdrawals", function () {
beforeEach(async function () {
await vault.connect(addr1).deposit({ value: ethers.utils.parseEther("2.0") });
});
it("Should allow withdrawals", async function () {
const withdrawAmount = ethers.utils.parseEther("1.0");
await expect(vault.connect(addr1).withdraw(withdrawAmount))
.to.emit(vault, "Withdrawal")
.withArgs(addr1.address, withdrawAmount);
expect(await vault.getBalance(addr1.address))
.to.equal(ethers.utils.parseEther("1.0"));
});
it("Should prevent withdrawal of more than balance", async function () {
await expect(
vault.connect(addr1).withdraw(ethers.utils.parseEther("10.0"))
).to.be.revertedWith("Insufficient balance");
});
});
});
```
Example Foundry test:
```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.26;
import "forge-std/Test.sol";
import "../src/SecureVault.sol";
contract SecureVaultTest is Test {
SecureVault public vault;
address public alice;
address public bob;
function setUp() public {
vault = new SecureVault();
alice = makeAddr("alice");
bob = makeAddr("bob");
vm.deal(alice, 100 ether);
vm.deal(bob, 100 ether);
}
function testDeposit() public {
vm.startPrank(alice);
vault.deposit{value: 1 ether}();
assertEq(vault.getBalance(alice), 1 ether);
vm.stopPrank();
}
function testWithdraw() public {
vm.startPrank(alice);
vault.deposit{value: 2 ether}();
uint256 balanceBefore = alice.balance;
vault.withdraw(1 ether);
assertEq(vault.getBalance(alice), 1 ether);
assertEq(alice.balance, balanceBefore + 1 ether);
vm.stopPrank();
}
function testCannotWithdrawMoreThanBalance() public {
vm.startPrank(alice);
vault.deposit{value: 1 ether}();
vm.expectRevert("Insufficient balance");
vault.withdraw(2 ether);
vm.stopPrank();
}
// Fuzz testing
function testFuzzDeposit(uint256 amount) public {
vm.assume(amount > 0 && amount < 100 ether);
vm.deal(alice, amount);
vm.prank(alice);
vault.deposit{value: amount}();
assertEq(vault.getBalance(alice), amount);
}
// Invariant testing
function invariant_totalBalanceMatchesContract() public {
assertEq(address(vault).balance, vault.totalDeposits());
}
}
```
## Security Auditing
**CRITICAL**: Run multiple security tools before deployment!
### Static Analysis Tools
```bash
# Slither (comprehensive)
slither . --exclude-optimization --exclude-informational
# Mythril (symbolic execution)
myth analyze contracts/MyContract.sol
# Manticore (symbolic execution)
manticore contracts/MyContract.sol
# Echidna (fuzzing)
echidna-test contracts/MyContract.sol --contract MyContract
# Solhint (linting with security rules)
solhint 'contracts/**/*.sol'
```
### Manual Review Checklist
- [ ] Reentrancy protection (ReentrancyGuard or Checks-Effects-Interactions)
- [ ] Integer overflow protection (use Solidity 0.8+)
- [ ] Access control (Ownable, AccessControl)
- [ ] Input validation (require statements)
- [ ] Gas optimization reviewed
- [ ] Event emissions for all state changes
- [ ] No use of tx.origin (use msg.sender)
- [ ] No use of block.timestamp for critical logic
- [ ] No delegatecall to untrusted contracts
- [ ] No selfdestruct in upgradeable contracts
## Gas Optimization
```solidity
// ✅ GOOD: Gas-optimized patterns
contract Optimized {
// Use immutable for constants set in constructor
address public immutable owner;
// Pack struct variables
struct User {
uint128 balance; // 16 bytes
uint64 lastUpdated; // 8 bytes
uint64 nonce; // 8 bytes
// Total: 32 bytes (1 storage slot)
}
// Cache storage variables
function processUsers(uint256[] calldata ids) external {
User storage user; // Declare once
for (uint256 i = 0; i < ids.length; i++) {
user = users[ids[i]]; // Cache
user.balance += 100;
}
}
// Use calldata for read-only arrays
function sum(uint256[] calldata numbers) external pure returns (uint256) {
uint256 total = 0;
for (uint256 i = 0; i < numbers.length; i++) {
total += numbers[i];
}
return total;
}
}
// ❌ BAD: Gas-inefficient
contract Inefficient {
address public owner; // Should be immutable!
struct User {
uint256 balance; // 32 bytes
uint256 lastUpdated; // 32 bytes
uint256 nonce; // 32 bytes
// Total: 96 bytes (3 storage slots!)
}
// Repeated storage access
function processUsers(uint256[] memory ids) external {
for (uint256 i = 0; i < ids.length; i++) {
users[ids[i]].balance += 100; // SLOAD every iteration!
}
}
}
```
## Best Practices
### DO's ✅
- **USE** OpenZeppelin contracts for standard functionality
- **USE** ReentrancyGuard for functions with external calls
- **USE** SafeMath patterns or Solidity 0.8+ (automatic overflow checks)
- **EMIT** events for all state changes
- **VALIDATE** all inputs with require statements
- **TEST** with mainnet forks for realistic scenarios
- **OPTIMIZE** gas usage
- **DOCUMENT** all public functions with NatSpec
### DON'Ts ❌
- **NEVER** use tx.origin for authorization
- **NEVER** use block.timestamp for critical randomness
- **NEVER** make external calls before state updates (reentrancy!)
- **NEVER** use delegatecall without extreme caution
- **NEVER** deploy without security audit
- **NEVER** use floating pragma (`pragma solidity ^0.8.0`)
- **NEVER** skip test coverage
- **NEVER** ignore Slither warnings
## NatSpec Documentation
```solidity
/// @title Secure Vault Contract
/// @author Your Name
/// @notice This contract allows users to deposit and withdraw ETH
/// @dev Uses ReentrancyGuard to prevent reentrancy attacks
contract SecureVault is ReentrancyGuard {
/// @notice Deposits ETH into the vault
/// @dev Emits Deposit event on success
/// @return success Boolean indicating if deposit was successful
function deposit() external payable returns (bool success) {
require(msg.value > 0, "Must deposit positive amount");
balances[msg.sender] += msg.value;
emit Deposit(msg.sender, msg.value);
return true;
}
/// @notice Withdraws ETH from the vault
/// @dev Uses Checks-Effects-Interactions pattern
/// @param amount The amount of ETH to withdraw
/// @custom:security Protected against reentrancy
function withdraw(uint256 amount) external nonReentrant {
require(amount > 0, "Amount must be positive");
require(balances[msg.sender] >= amount, "Insufficient balance");
balances[msg.sender] -= amount;
emit Withdrawal(msg.sender, amount);
(bool success, ) = msg.sender.call{value: amount}("");
require(success, "Transfer failed");
}
}
```
## CI/CD Requirements
Must include GitHub Actions workflows:
1. **Testing** (`solidity-test.yml`):
- Run Hardhat/Foundry tests
- Fork testing against mainnet
- Coverage reporting (90%+ required)
2. **Security** (`solidity-security.yml`):
- Slither static analysis
- Mythril symbolic execution
- Gas optimization check
3. **Linting** (`solidity-lint.yml`):
- Solhint checks
- Prettier formatting
- Compile verification
## Deployment Checklist
**CRITICAL**: Before mainnet deployment!
- [ ] All tests passing (100%)
- [ ] Coverage > 90%
- [ ] Slither audit clean
- [ ] Mythril audit clean
- [ ] External security audit completed
- [ ] Gas optimization reviewed
- [ ] All functions have NatSpec comments
- [ ] Deployed to testnet and verified
- [ ] Contract verified on Etherscan
- [ ] Multi-sig wallet setup for admin functions
- [ ] Emergency pause mechanism tested
- [ ] Upgrade path documented (if upgradeable)
## Publishing to NPM (Hardhat)
```bash
# 1. Run all quality checks
npm run lint
npm test
npx hardhat coverage
# 2. Update version
npm version minor
# 3. Publish
npm publish
```
<!-- SOLIDITY:END -->Related Skills
We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.