Claude Code Skills for Solidity Smart Contracts

Developing Solidity smart contracts requires a unique set of patterns, security considerations, and tooling workflows. By creating specialized Claude Code skills for Solidity development, you can automate contract auditing, enforce best practices, and accelerate your development cycle.

Scope note: This guide is about building new Claude Code skills tailored to Solidity — writing the skill files themselves, defining auditing checklists, gas-optimization templates, and compiler-version rules that Claude will follow. If you want to learn how to use existing skills like /tdd, /pdf, and /supermemory inside a Solidity project, see Claude Skills for Solidity Smart Contract Development.

Understanding the Solidity Development Workflow

Solidity development differs significantly from traditional software engineering. Your skills must account for the Ethereum Virtual Machine (EVM) constraints, gas optimization requirements, and the immutable nature of deployed contracts. A well-crafted Solidity skill guides Claude through the complete development lifecycle: initial implementation, testing with the tdd skill, security auditing, and deployment preparation.

The skill body should establish clear rules for Solidity-specific operations. When writing contracts, Claude needs explicit guidance about compiler versions, visibility modifiers, and access control patterns. Without this direction, generated code may contain vulnerabilities or fail to follow community standards.

Essential Skill Components for Solidity

Compiler Version Management

Every Solidity file begins with a version pragma. Your skill should enforce consistent version usage across the project:

When writing Solidity contracts:
- Use ^0.8.20 for new projects unless compatibility requires otherwise
- Always specify exact versions in production contracts (e.g., pragma solidity 0.8.19)
- Never use ^ for dependencies that must remain stable

Security Pattern Enforcement

Solidity requires specific security patterns that differ from other languages. Your skill should include explicit guidance for common vulnerabilities:

For reentrancy protection:
- Always use the Checks-Effects-Interactions pattern
- Prefer OpenZeppelin's ReentrancyGuard
- Never make external calls before updating state variables

For access control:
- Use Ownable for simple ownership models
- Use AccessControl for role-based permissions
- Never rely on tx.origin for authorization

Testing Framework Integration

Solidity testing typically uses Hardhat or Foundry. Your skill should template testing patterns:

// Example: Test template your skill should generate
contract TokenTest is Test {
    Token public token;
    
    function setUp() public {
        token = new Token("Test", "TST", 1000);
    }
    
    function testTransfer() public {
        token.transfer(address(1), 100);
        assertEq(token.balanceOf(address(1)), 100);
    }
    
    function testFailInsufficientBalance() public {
        token.transfer(address(1), 1001);
    }
}

Building a Contract Auditing Skill

One of the most valuable Solidity skills is a contract auditor. This skill reviews code for common vulnerability patterns and suggests improvements.

Creating the Audit Skill

Your auditing skill should include a comprehensive checklist:

When auditing Solidity code:
1. Check for unprotected initializer functions
2. Verify all external calls handle reentrancy
3. Confirm access control on sensitive functions
4. Validate integer overflow/underflow protection (pre-0.8.0)
5. Look for unused return values from low-level calls
6. Check for front-running opportunities in trading logic
7. Verify proper safe math usage or Solidity 0.8+ checked math
8. Confirm contract has pausable functionality for emergencies

Practical Audit Example

When prompted to audit, the skill should output structured findings:

## Audit Findings: ContractName.sol

### Critical
- [ ] Missing access control on mint() function (Line 42)
- [ ] Reentrancy vulnerability in withdraw() (Line 78)

### High
- [ ] Missing event emissions for critical state changes
- [ ] NoUpgradeable contract lacks initialization protection

### Medium
- [ ] Gas optimization: cache array length in loops
- [ ] Consider marking functions as pure/view where applicable

Gas Optimization Skills

Gas optimization is crucial for Solidity. A dedicated skill can analyze contracts and suggest improvements:

Gas optimization priorities:
1. Use calldata instead of memory for function parameters when possible
2. Cache array length outside loops
3. Use mapping instead of arrays where appropriate
4. Bundle storage reads/writes to reduce SLOAD/SSTORE operations
5. Use custom errors (revert CustomError()) instead of require strings
6. Mark immutable variables as immutable
7. Use bit shifting for multiplication/division by powers of 2

Example optimization transformation:

// Before: Unoptimized
function sum(uint256[] memory arr) public pure returns (uint256) {
    uint256 total = 0;
    for (uint256 i = 0; i < arr.length; i++) {
        total += arr[i];
    }
    return total;
}

// After: Optimized
function sum(uint256[] calldata arr) public pure returns (uint256) {
    uint256 total = 0;
    uint256 len = arr.length;
    for (uint256 i = 0; i < len; i++) {
        total += arr[i];
    }
    return total;
}

Deployment and Verification Skills

Deployment preparation requires specific checks:

Before deployment:
1. Verify contract compiles without warnings: npx hardhat compile --force
2. Run full test suite with coverage: npx hardhat coverage
3. Check gas estimates for all public functions
4. Verify OpenZeppelin upgrades plugin compatibility if upgradeable
5. Confirm contract verification parameters in Etherscan/Blockscout
6. Document deployment parameters and constructor arguments
7. Test on testnet with realistic conditions

Combining Skills for Complete Workflow

The most powerful approach combines multiple specialized skills. Create a master Solidity skill that orchestrates:

1. Writer: Generates initial contract code following project patterns
2. Tester: Creates comprehensive test coverage
3. Auditor: Reviews code for vulnerabilities
4. Optimizer: Improves gas efficiency
5. Deployer: Handles deployment and verification

Each skill remains focused on its domain while the master skill coordinates the workflow. This separation keeps each skill maintainable and reusable across different projects.

Best Practices for Solidity Skills

Keep your skills maintainable by following these principles:

• Version-lock dependencies: Solidity changes rapidly; specify exact versions
• Prefer established libraries: Use OpenZeppelin contracts instead of custom implementations for common patterns
• Include NatSpec comments: Your skills should generate documentation
• Test generated code: Always verify the skill output compiles and passes tests
• Iterate based on findings: Update skills when new vulnerability patterns emerge

Related Reading

• Claude Skills for Solidity Smart Contract Development — How to use existing skills like /tdd, /pdf, and /supermemory in a Solidity project, rather than building new ones
• Automated Testing Pipeline with Claude TDD Skill — Apply TDD skill patterns to Solidity test coverage and contract verification
• Claude Code Skills for Infrastructure as Code — Apply similar domain-specific skill patterns to infrastructure tooling alongside smart contract work
• Advanced Claude Code Skills Hub — Explore specialized skill patterns for complex technical domains

Built by theluckystrike — More at zovo.one