Solidity Cheat Sheet 2026
The 30 highest-yield Solidity facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
80 questions
120 min time limit
78.00% to pass
- In Solidity 0.8.x, what happens when an arithmetic overflow occurs by default? → The transaction reverts automatically
- What can the deployer use to run code on the blockchain? → Solidity language
- What does a Solidity mapping return for a key that has never been set? → The default zero value for the value type
- What does the reducing length property do? → Delete elements from the array
- What is the default value of an uninitialized bool state variable in Solidity? → false
- What is the risk of using `delegatecall` to an untrusted contract? → The callee can overwrite the caller's storage with malicious data
- What is the purpose of the `receive()` function in Solidity? → It handles plain ETH transfers sent to the contract without calldata
- Which Solidity type correctly declares a fixed-size byte array of exactly 32 bytes? → bytes32
- Which attack exploits a contract that calls an external contract before updating its state? → Reentrancy attack
- What Solidity modifier from OpenZeppelin prevents reentrancy by locking the function? → nonReentrant
- What vulnerability arises when Solidity arithmetic operations exceed the maximum or minimum value of the data type? → Integer overflow/underflow
- What are state variables in Solidity stored in? → Slots
- Who created Ethereum? → Gavin James Wood
- What happens when `abi.decode` receives data that does not match the specified types? → The transaction reverts with a decoding error
- What is the name of the property that you can use to delete elements from an array? → Reducing length
- What do Solidity arrays hold, depending on their size? → Elements
- What is 'gas griefing' in the context of forwarding gas with `call` in Solidity? → A malicious callee can consume all forwarded gas, causing the caller to run out and revert
- What happens to variables stored in the memory data location after a Solidity function call ends? → They are erased and the memory is freed
- What storage slot number is assigned to the first state variable declared in a Solidity contract? → Slot 0
- What is the purpose of the Proxy Upgrade Pattern (UUPS or Transparent Proxy) in Solidity? → It allows replacing a contract's logic while preserving its storage state and address
- What data location must be explicitly specified for reference type parameters in Solidity functions? → memory, storage, or calldata
- What vulnerability is introduced by the `selfdestruct` opcode in Solidity? → It can forcibly send ETH to any contract, breaking balance-based invariants
- What does Solidity supports? → Reference types and value types
- What can Solidity contracts use as memory? → Any size
- Which statement about structs in Solidity is correct? → Structs can contain other structs but not directly recursive self-references
- What is the key difference between a fixed-size array and a dynamic array in Solidity? → Fixed-size arrays have their length set at compile time while dynamic arrays can grow
- Which vulnerability allows an attacker to manipulate transaction ordering to their advantage? → Front-running (MEV)
- What is the byte size of the address type in Solidity? → 20 bytes
- What does the `safeTransferFrom` function in ERC-721 check that the plain `transferFrom` does not? → Whether the recipient contract implements onERC721Received to confirm it can handle NFTs
- Which storage location is the cheapest in terms of gas cost in Solidity? → calldata
Turn these facts into recall: