Solidity Bugs — Find and Fix Common Mistakes

Every Solidity developer makes these mistakes. Learn to spot and fix them before deployment.

Solidity is unforgiving. One missing storage keyword can brick your entire contract. One unchecked return value can drain all funds. Debugging skills aren't optional — they're survival.

Top 5 Common Bugs

Uninitialized Storage Pointer

Declaring a local struct variable without storage or memory creates a dangerous pointer to slot 0.

Public vs External Visibility

Using public for functions only called externally wastes gas copying calldata to memory.

Reentrancy Without Guards

Making an external call before updating state lets the callee re-enter your contract and exploit it recursively.

Unchecked Return Values

Ignoring the return value of call or transfer lets a failed transfer go unnoticed.

tx.origin for Auth

Using tx.origin instead of msg.sender enables phishing attacks.
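
The last three items of the list above (reentrancy, unchecked return values, tx.origin), shown together in one hardened contract. This is an added example, not code from the original page: the Vault contract and every name in it are hypothetical, and each bug pattern appears only as a comment beside the corrected line.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical Vault; every name here is illustrative.
contract Vault {
    address public immutable owner;
    bool public paused;
    bool private locked; // reentrancy lock
    mapping(address => uint256) public balances;

    constructor() {
        owner = msg.sender;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Bug pattern: require(tx.origin == owner). tx.origin is the account that
    // signed the transaction, so the check still passes when the owner is lured
    // into calling some other contract that forwards the call here.
    function setPaused(bool value) external {
        require(msg.sender == owner, "not owner"); // immediate caller only
        paused = value;
    }

    function deposit() external payable {
        require(!paused, "paused");
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");

        // Effects before interaction: zero the balance before the external
        // call so the callee never sees a stale balance; the lock is a second
        // layer. Bug pattern: updating the balance after the call.
        balances[msg.sender] = 0;

        // Bug pattern: dropping the bool returned by call, which leaves the
        // balance zeroed even though no ether moved.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed"); // revert restores the balance
    }
}
```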

Example: Storage Pointer Bug

❌ Bug: Uninitialized Pointer

struct User {
    address addr;
    uint256 balance;
}

mapping(uint256 => User) users;

function addUser(uint256 id) public {
    User user; // Defaults to storage slot 0!
    user.addr = msg.sender;
    user.balance = 100;
    // Overwrites storage slot 0 instead of users[id]
}

✅ Fixed: Explicit Storage

struct User {
    address addr;
    uint256 balance;
}

mapping(uint256 => User) users;

function addUser(uint256 id) public {
    User storage user = users[id]; // Explicit storage
    user.addr = msg.sender;
    user.balance = 100;
    // Correctly writes to users[id]
}

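The fix: Always declare struct variables with storage or memory. Omitting it defaults to storage slot 0, corrupting state. This silent default applies to compilers older than Solidity 0.5.0; from 0.5.0 onward the compiler rejects a struct variable with no data location, so the bug mainly shows up in legacy code and when auditing older contracts.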

Frequently Asked Questions

What is the most common Solidity bug?

Storage pointer bugs are the most common for beginners. Forgetting to initialize a storage pointer creates a dangerous reference to slot 0, potentially overwriting critical state.

How do I debug Solidity effectively?

Use Foundry tests with vm.prank, vm.expectRevert, and console.log. Write unit tests for edge cases. Use static analysis tools like Slither to catch common patterns.

Are Solidity bugs different from other languages?

Yes. Solidity has unique footguns: immutable blockchain state, gas costs, reentrancy, and storage vs memory semantics. Traditional debugging tools don't work — you need specialized testing frameworks.
