Solidity is a statically typed, contract-oriented language compiled to EVM bytecode. It is the language in which the overwhelming majority of DeFi, NFT, and on-chain governance code is written.
For security, Solidity has historical baggage that is worth knowing:
- Pre-0.8 versions had silent integer overflow and underflow. Most major reentrancy and arithmetic exploits in 2016–2020 happened on these versions.
- 0.8.x introduced built-in overflow checks but kept many footguns: `tx.origin`, `call` with arbitrary calldata, `delegatecall`-based proxies, `selfdestruct` (now removed).
- Recent versions (0.8.20+) have evolved storage layouts, optimizer behavior, and immutables in ways that have caused real incidents when libraries were upgraded carelessly.
Reading Solidity well is a skill independent of writing it. Auditors spend their careers learning to see what is not in the code: missing checks, missing modifiers, missing reverts.
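As an added illustration of the footguns listed above and of the "missing checks" an auditor reads for, here is a constructed minimal vault written twice: `VaultUnsafe` uses `tx.origin` for authorisation, switches the 0.8 arithmetic checks off with `unchecked`, and makes its external call before updating state; `VaultSafe` is the corrected form. The contract and function names are this example's own assumptions, not code from the original page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: the same vault with and without three common defects.
contract VaultUnsafe {
    address public owner = msg.sender;
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Defect 1: tx.origin is the EOA that signed the transaction, not the
    // immediate caller, so any contract the owner interacts with passes this.
    function sweep(address payable to) external {
        require(tx.origin == owner, "not owner");
        to.transfer(address(this).balance);
    }

    // Defect 2: the external call happens before the balance is updated
    // (interaction before effects), so a re-entering caller sees stale state.
    // Defect 3: inside `unchecked {}` the 0.8 underflow check is disabled and
    // the subtraction wraps exactly as it did pre-0.8. There is also no
    // balance check at all, the kind of missing require an auditor looks for.
    function withdraw(uint256 amount) external {
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        unchecked { balances[msg.sender] -= amount; }
    }
}

contract VaultSafe {
    address public immutable owner;
    mapping(address => uint256) public balances;
    bool private locked;

    constructor() { owner = msg.sender; }

    // msg.sender is the immediate caller; tx.origin is never used for auth.
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier nonReentrant() { require(!locked, "reentrant"); locked = true; _; locked = false; }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function sweep(address payable to) external onlyOwner {
        to.transfer(address(this).balance);
    }

    // Checks, then effects, then interaction; checked arithmetic reverts on underflow.
    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The `delegatecall` proxy and storage-layout issues mentioned above are a separate class of bug and are not covered by this pair.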