🇺🇸English
Solidity Coding Standards
Language Rule
- Always respond in the same language the user is using. If the user asks in Chinese, respond in Chinese. If in English, respond in English.
Coding Principles
- Pragma : Use
pragma solidity ^0.8.19; — keep consistent across all files in the project
- Dependencies : OpenZeppelin Contracts 4.9.x, manage imports via
remappings.txt
- Error Handling : Prefer custom errors over
require strings — saves gas and is more expressive
- Define:
error InsufficientBalance(uint256 available, uint256 required);
- Use:
if (balance < amount) revert InsufficientBalance(balance, amount);
- Documentation : All
public / external functions must have NatSpec (@notice, @param, @return)
- Event Indexing : Only add
indexed to address type parameters — add comment if indexing other types
- Special Keywords :
immutable / constant / unchecked / assembly must have inline comment explaining why
Naming Conventions
| Element | Convention | Example |
|---|
| Contract / Library | PascalCase | MyToken, StakingPool |
| Interface | I + PascalCase | IMyToken, IStakingPool |
| State variable / Function | lowerCamelCase | totalSupply, claimDividend |
- Forbidden : Pinyin names, single-letter variables (except
i/j/k in loops), excessive abbreviations
Code Organization Rules
| Situation | Rule |
|---|
| Cross-contract constants | Place in src/common/Const.sol |
| Interface definitions | Place in src/interfaces/I<Name>.sol, separate from implementation |
| Simple on-chain queries | Use Foundry cast CLI (call / send) |
| Complex multi-step operations | Use Foundry script (*.s.sol) |
| Import style | Use named imports: import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol"; |
Project Directory Structure
src/ — Contract source code
interfaces/ — Interface definitions (I*.sol)
common/ — Shared constants, types, errors (Const.sol, Types.sol)
test/ — Test files (*.t.sol)
script/ — Deployment & interaction scripts (*.s.sol)
config/ — Network config, parameters (*.json)
deployments/ — Deployment records (latest.env)
docs/ — Documentation, changelogs
lib/ — Dependencies (managed by Foundry)
Configuration Management
config/*.json — network RPC URLs, contract addresses, business parametersdeployments/latest.env — latest deployed contract addresses, must update after each deploymentfoundry.toml — compiler version, optimizer settings, remappings- Important config changes must be documented in the PR description
OpenZeppelin Library Selection Standards
When writing Solidity contracts, prioritize using battle-tested OpenZeppelin libraries over custom implementations. Select the appropriate library based on the scenario:
Access Control
| Scenario | Library | Import Path |
|---|
| Single owner management | Ownable | @openzeppelin/contracts/access/Ownable.sol |
| Owner transfer needs safety | Ownable2Step | @openzeppelin/contracts/access/Ownable2Step.sol |
| Multi-role permission (admin/operator/minter) | AccessControl | @openzeppelin/contracts/access/AccessControl.sol |
Rule : Single owner → Ownable2Step; 2+ roles → AccessControl; governance/DAO → TimelockController
Security Protection
| Scenario | Library | Usage |
|---|
| External call / token transfer | ReentrancyGuard | Add nonReentrant modifier |
| Emergency pause needed | Pausable | Add whenNotPaused to user-facing functions; keep admin functions unpaused |
| ERC20 token interaction | SafeERC20 | Use safeTransfer / safeTransferFrom / instead of raw calls |
Rule : Any contract that transfers tokens or ETH MUST use ReentrancyGuard + SafeERC20
Token Standards
| Scenario | Library | Notes |
|---|
| Fungible token | ERC20 | Base standard |
| Token with burn mechanism | ERC20Burnable | Adds burn() and burnFrom() |
| Token with max supply cap | ERC20Capped | Enforces totalSupply <= cap |
| Gasless approval (EIP-2612) | ERC20Permit |
Utility Libraries
| Scenario | Library | Usage |
|---|
| Whitelist / airdrop verification | MerkleProof | Gas-efficient Merkle tree verification |
| Signature verification | ECDSA + EIP712 | Off-chain sign + on-chain verify |
| Auto-increment IDs | Counters | Token ID, order ID generation |
| Batch function calls | Multicall | Multiple operations in one tx |
| Address set / uint set | |
Contract Upgrade
| Scenario | Library | Notes |
|---|
| Upgradeable contract (gas efficient) | UUPSUpgradeable | Upgrade logic in implementation contract |
| Upgradeable contract (admin separated) | TransparentUpgradeableProxy | Upgrade logic in proxy, higher gas |
| Initializer (replace constructor) | Initializable | Use initializer modifier instead of constructor |
Rule : New projects prefer UUPSUpgradeable; always use Initializable for upgradeable contracts
Oracle and Off-Chain Services
| Scenario | Library | Notes |
|---|
| Token price data | AggregatorV3Interface | Only for tokens with supported oracle data feeds |
| Verifiable randomness (lottery/NFT) | VRFConsumerBaseV2 | On-chain provably fair random numbers |
| Automated execution (cron jobs) | AutomationCompatible | Replace centralized keepers |
| Cross-chain messaging | CCIP | Cross-chain token/message transfer |
Library Selection Decision Flow
Does contract handle user funds/tokens?
├── YES → Add ReentrancyGuard + SafeERC20
│ Does it need emergency stop?
│ ├── YES → Add Pausable
│ └── NO → Skip
└── NO → Skip
How many admin roles needed?
├── 1 role → Ownable2Step
├── 2+ roles → AccessControl
└── DAO/governance → TimelockController
Does contract need price data?
├── Token has oracle feed → AggregatorV3Interface
├── No oracle feed → Custom TWAP with min-liquidity check
└── No price needed → Skip
Will contract need upgrades?
├── YES → UUPSUpgradeable + Initializable
└── NO → Standard deployment (immutable)
Anti-Patterns (Do NOT)
- Do NOT write custom
transfer wrappers — use SafeERC20
- Do NOT write custom access control modifiers — use
Ownable / AccessControl
- Do NOT write custom pause logic — use
Pausable
- Do NOT use
SafeMath on Solidity >= 0.8.0 — overflow checks are built-in
- Do NOT use
require(token.transfer(...)) — use token.safeTransfer(...) via SafeERC20
MCP-Assisted Contract Generation (if available)
When OpenZeppelinContracts MCP is configured, prefer using it to generate base contracts instead of writing from scratch:
| Contract Type | MCP Tool | When to Use |
|---|
| Fungible token | solidity-erc20 | Any new ERC20 token contract |
| NFT | solidity-erc721 | Any new NFT contract |
| Multi-token | solidity-erc1155 | Game items, batch operations |
| Stablecoin | solidity-stablecoin | Stablecoin with ERC20 compliance |
| Real-world assets | solidity-rwa |
Workflow : MCP generates base → apply this skill's naming/structure rules → customize business logic → apply /solidity-security rules
Why MCP over manual : MCP output is validated against the same rule-set as OZ Contracts Wizard — imports, modifiers, security checks are guaranteed correct. Manual coding risks missing imports or using wrong OZ versions.
When NOT to use MCP : Heavily custom contracts with non-standard patterns, contracts that don't fit any OZ template, or when you need fine-grained control from line 1.
Graceful degradation : If MCP is not configured, fall back to the Library Selection Standards above and write contracts manually following all rules in this skill.
Foundry Quick Reference
| Operation | Command |
|---|
| Create new project | forge init <project-name> |
| Install dependency | forge install openzeppelin-contracts |
| Build contracts | forge build |
| Format code | forge fmt |
| Update remappings | forge remappings |
Weekly Installs
34
Repository
0xlayerghost/so…gent-kit
GitHub Stars
1
First Seen
Feb 9, 2026
Security Audits
Gen Agent Trust HubPassSocketPassSnykPass
Installed on
claude-code28
opencode20
gemini-cli20
codex20
cursor20
github-copilot17
