Skip to content
Published on

Smart Contract Languages 2026 Complete Guide - Solidity 0.8, Vyper, Move (Aptos/Sui), Cairo, Stylus (Arbitrum), Fuel/Sway Deep Dive

🇰🇷KO🇺🇸EN🇯🇵JA
Split View필사 모드
Authors

Prologue — Where do smart contracts run in 2026

Blockchains are distributed databases. Smart contracts are deterministic programs that run on top of them. Every node must produce the same output for the same input, so choosing a language means choosing a consensus model, a gas model, and a verification model all at once.

As of May 2026, about 60% of global smart contract TVL still sits on Ethereum mainnet, and adding L2s pushes the EVM family to roughly 80%. But non-EVM share has grown fast. Solana sits at about 7%, Aptos and Sui combined at about 4%, Cosmos at about 3%, and newer chains like StarkNet and Fuel together account for roughly 2%.

So in 2026, a new contract engineer usually picks one of three paths.

  • The EVM path — learn Solidity 0.8.28 and test with Foundry. The largest market, the most audit firms, the deepest libraries.
  • The Move path — learn resource types via Aptos Move or Sui Move. Object-centric model, parallel execution.
  • The Rust path — Solana Anchor, Stylus, CosmWasm, Sway, NEAR are all Rust-family. One language buys you many chains.

This post walks all three paths in one breath. Language quirks, toolchains, security models, and the on-the-ground reality of Korean and Japanese Web3.

1. EVM Dominance — the Ethereum and L2 landscape

Numbers first. As of May 2026, EVM chain TVL breaks down roughly like this.

  • Ethereum mainnet: about USD 80 billion
  • Arbitrum One: about USD 18 billion
  • Base (Coinbase L2): about USD 15 billion
  • OP Mainnet: about USD 9 billion
  • Polygon PoS + zkEVM: about USD 6 billion
  • BNB Chain: about USD 5 billion
  • Linea, Scroll, zkSync Era and similar: around USD 1 billion each

Compile with evm-version set to Cancun or Prague and your contract runs on nearly every L2 unchanged. One Solidity codebase deploys almost identically across Ethereum, Arbitrum, Base, OP, Polygon, BNB Chain, Linea, Scroll, zkSync, Mantle, Blast, Mode, Zora, Avalanche C-Chain, Fantom Sonic, Celo L2, Hedera EVM, and Astar zkEVM.

That is the real power of EVM. Write once, run on 17 chains.

2. Solidity 0.8.28 — the de facto standard, but evolving

Solidity has been Ethereum's default language since Gavin Wood introduced it in 2014, twelve years and counting. The latest as of May 2026 is 0.8.28. The major shifts in between:

  • 0.8.0 (2020) — arithmetic overflow reverts by default. End of the SafeMath era.
  • 0.8.4 (2021) — custom errors. Cheaper than require(cond, "string").
  • 0.8.18 (2023) — named arguments via compiler option.
  • 0.8.24 (2024) — EIP-1153 transient storage with tload and tstore.
  • 0.8.27 — Yul optimizer improvements, evm-version defaulting to Cancun.
  • 0.8.28 — partial Prague EVM opcode support, faster compilation.

The shortest meaningful Solidity contract looks like this.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.28;

contract Counter {
    uint256 public count;

    error CountTooLarge(uint256 attempted, uint256 max);

    function increment() external {
        if (count >= 1_000_000) revert CountTooLarge(count + 1, 1_000_000);
        count += 1;
    }
}

Three things to note.

  1. pragma solidity ^0.8.28 — the 0.8.x line gives you arithmetic overflow protection by default.
  2. error CountTooLarge(...) — stores only a 4-byte selector plus arguments instead of a full string. Saves roughly 200-400 gas.
  3. The if (cond) revert pattern uses less gas than require(!cond) and produces cleaner traces.

Storage maps are written like mapping(address => uint256), always inside backticks to keep MDX happy. We do the same throughout.

3. Transient Storage (EIP-1153) — the real paradigm shift of the post-2024 era

EIP-1153 landed in the March 2024 Dencun hard fork. It is storage that lives for exactly one transaction. Where sstore costs roughly 20,000 gas, tstore costs about 100.

The canonical use case is the reentrancy lock. The old way.

// Old way — SLOAD/SSTORE for the lock. About 5000 gas per call.
contract OldReentrancyGuard {
    uint256 private _locked = 1;

    modifier nonReentrant() {
        require(_locked == 1, "REENTRANT");
        _locked = 2;
        _;
        _locked = 1;
    }
}

The new way.

// New way — TLOAD/TSTORE. About 200 gas per call.
contract NewReentrancyGuard {
    bytes32 private constant LOCKED_SLOT = keccak256("reentrancy.lock");

    modifier nonReentrant() {
        assembly {
            if tload(LOCKED_SLOT) { revert(0, 0) }
            tstore(LOCKED_SLOT, 1)
        }
        _;
        assembly {
            tstore(LOCKED_SLOT, 0)
        }
    }
}

Gas saved per call: about 4,800. A contract handling one million calls per day saves about 0.5 ETH per day. At an ETH price of about USD 4,000 in May 2026, that is roughly USD 2,000 per day.

Since OpenZeppelin 5.1, ReentrancyGuardTransient ships out of the box.

4. Foundry — Paradigm's actual standard tool

Smart contract tooling was reshuffled completely between 2020 and 2024. The early 2020s belonged to Hardhat (Nomic Foundation) and Truffle (ConsenSys). By 2024, Foundry is the de facto standard, ConsenSys officially sunset Truffle in 2023, and Brownie wound down the same year.

Foundry components.

  • forge — the build and test runner. You write tests in Solidity — that is the whole pitch.
  • cast — a command-line RPC client. ABI encoding, transaction debugging.
  • anvil — a local EVM node. The Hardhat Network alternative.
  • chisel — a Solidity REPL.

A Foundry test looks like this.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.28;

import "forge-std/Test.sol";
import "../src/Counter.sol";

contract CounterTest is Test {
    Counter counter;

    function setUp() public {
        counter = new Counter();
    }

    function test_Increment() public {
        counter.increment();
        assertEq(counter.count(), 1);
    }

    function testFuzz_IncrementNeverExceedsMax(uint8 n) public {
        for (uint256 i = 0; i < n; i++) {
            counter.increment();
        }
        assertLe(counter.count(), 1_000_000);
    }
}

Functions prefixed with testFuzz_ run automatic fuzzing — 256 trials by default. The fuzzer tries to break your invariants with random inputs you never explicitly passed.

Benchmark. Building 200 Solidity contracts and running 1,000 tests.

  • Foundry: about 12 seconds (written in Rust).
  • Hardhat 2: about 90 seconds (Node.js + ts-node).
  • Hardhat 3: about 25 seconds (viem + Rust EDR).

5. Hardhat 3 — Nomic Foundation strikes back

Hardhat 3, announced in late 2024, differs in two decisive ways. First, viem-based — the ethers.js dependency is gone. Second, Rust EDR — the Ethereum Development Runtime is rewritten in Rust. It is now genuinely competitive with anvil.

A Hardhat 3 hardhat.config.ts.

import type { HardhatUserConfig } from "hardhat/config";
import HardhatViem from "@nomicfoundation/hardhat-viem";

const config: HardhatUserConfig = {
  plugins: [HardhatViem],
  solidity: {
    version: "0.8.28",
    settings: {
      optimizer: { enabled: true, runs: 200 },
      evmVersion: "cancun"
    }
  },
  networks: {
    sepolia: {
      type: "http",
      url: process.env.SEPOLIA_RPC_URL ?? "",
      accounts: process.env.PRIVATE_KEY ? [process.env.PRIVATE_KEY] : []
    }
  }
};

export default config;

One-line decision rule. If you only need Solidity and you want speed, use Foundry. If you also need TypeScript and frontend integration, use Hardhat 3.

6. Vyper 0.4 — Pythonic, security-first

Vyper started in 2017, seeded directly by Vitalik Buterin. The philosophy is uncompromising: no inheritance, no modifiers, no inline assembly, no function overloading, no infinite loops. The goal is not "easy to write" but "easy to audit."

The latest in May 2026 is 0.4.0, the last beat before 1.0.

# @version ^0.4.0

count: public(uint256)
MAX_COUNT: constant(uint256) = 1_000_000

@external
def increment():
    assert self.count < MAX_COUNT, "Count exceeded"
    self.count += 1

It looks Pythonic — indentation defines blocks. But it is not Python: every type is static and every gas cost is decided at compile time.

Where is it really used? Curve Finance — most of its core contracts are Vyper. Yearn Finance — the core vaults. Parts of Lido. The assets managed by Vyper contracts as of May 2026 are roughly USD 25 billion.

Vyper's tragedy came in July 2023. A compiler bug let the reentrancy lock in some Curve pools be bypassed, and about USD 70 million was stolen. The Vyper team responded by adding a fuzz campaign against the compiler itself and differential testing against EVM execution.

7. Huff and Yul — assembly-level gas optimization

When Solidity is not lean enough on gas, you descend in two directions.

Yul — Solidity's intermediate representation, written directly inside inline assembly blocks.

function gasOptimized() external pure returns (uint256 result) {
    assembly {
        let x := 0x42
        result := mul(x, 2)
    }
}

Huff — a fully assembly-level DSL. You can write an ERC20 that costs roughly 200 gas less than the Solidity version.

#define function transfer(address,uint256) nonpayable returns (bool)

#define macro TRANSFER() = takes(0) returns(0) {
    0x04 calldataload
    0x24 calldataload
    [BALANCE_LOCATION] sload
    sub
    [BALANCE_LOCATION] sstore
    0x01 0x00 mstore
    0x20 0x00 return
}

The standard advice is: do not use it. Solidity is enough for 99% of contracts, and the audit cost of Huff usually exceeds the gas it saves. The exception is a hot path like a Uniswap V4 hook.

8. Solady and Solmate — gas-optimized libraries

OpenZeppelin Contracts is the standard, but it is heavy when gas matters. Two alternatives.

Solmate — minimal ERC20/ERC721/ERC1155 from t11s (Transmissions11) of Rari Capital. Effectively unmaintained after Rari collapsed.

Solady — the spiritual successor to Solmate, maintained by Vectorized, a known gas-optimization legend on Twitter. The most active gas-optimization library today.

Using Solady's ERC20.

import {ERC20} from "solady/tokens/ERC20.sol";

contract MyToken is ERC20 {
    function name() public pure override returns (string memory) {
        return "MyToken";
    }
    function symbol() public pure override returns (string memory) {
        return "MTK";
    }
}

Compared to OpenZeppelin's ERC20, you save about 300-500 gas per transfer. For a single token that is one number. For a DeFi protocol churning transfers all day, the difference compounds.

9. Formal Verification — SMTChecker, Certora, Halmos, Echidna

Solidity's security tooling lives in roughly four layers.

1. Compiler built-in — SMTChecker

/// @custom:invariant count <= MAX_COUNT
contract Counter {
    uint256 public count;
    // ...
}

One command, solc --model-checker-engine chc. Free, fast, but limited in expressiveness.

2. Foundry invariant testing

contract CounterInvariantTest is Test {
    Counter counter;

    function setUp() public {
        counter = new Counter();
        targetContract(address(counter));
    }

    function invariant_countNeverExceedsMax() public view {
        assertLe(counter.count(), 1_000_000);
    }
}

Foundry calls your functions in random order to see whether invariants break. The standard.

3. Halmos — a symbolic execution engine backed by a16z crypto. Takes Foundry tests as-is and verifies them symbolically. Powerful on small contracts.

4. Certora Prover — commercial. Used by Aave, Compound, MakerDAO. Expensive, but the strongest formal verification. Yearly licenses range roughly USD 100-300k.

5. Echidna — the Trail of Bits property-based fuzzer. Pairs with the crytic-properties library.

6. KEVM — Runtime Verification's K Framework model of the EVM. The heaviest formal verification you can buy.

In practice, SMTChecker + Foundry invariants + Echidna is the standard stack. Certora is added on top by protocols handling more than about USD 10 billion.

10. The Move Language — Diem's legacy, Aptos and Sui today

Move was born in 2019 inside Facebook's (now Meta's) Diem (formerly Libra) project. When Diem was wound down in January 2022, key engineers founded two companies.

  • Aptos Labs — Mo Shaikh and Avery Ching. Aptos mainnet launched October 2022.
  • Mysten Labs — Evan Cheng and Sam Blackshear. Sui mainnet launched May 2023.

Both chains use Move, but the language has forked. Aptos Move stays close to the original Diem Move, and Sui Move was redesigned around an object-centric model.

Move's core idea, in one line: resources cannot be copied or dropped, only moved. A coin is not a variable, it is a resource. It cannot simultaneously exist in two places.

A coin in Aptos Move.

module my_addr::my_coin {
    use std::signer;

    struct MyCoin has key {
        value: u64,
    }

    public entry fun mint(account: &signer, value: u64) {
        let coin = MyCoin { value };
        move_to(account, coin);
    }

    public entry fun transfer(from: &signer, to: address, amount: u64) acquires MyCoin {
        let from_addr = signer::address_of(from);
        let from_coin = borrow_global_mut<MyCoin>(from_addr);
        assert!(from_coin.value >= amount, 1);
        from_coin.value = from_coin.value - amount;
    }
}

has key means the struct can live in global storage. acquires MyCoin declares which resources the function borrows. All dynamic resource access in Move is checked at compile time.

11. Sui Move — the object-centric model

Sui Move is the same Move with a different worldview. Where Aptos Move says "resources attach to accounts," Sui Move says "everything is an object." Each object has a unique UID and is owned by other objects.

A coin in Sui Move.

module my_pkg::my_coin {
    use sui::coin::{Self, Coin, TreasuryCap};
    use sui::transfer;
    use sui::tx_context::TxContext;

    public struct MY_COIN has drop {}

    fun init(witness: MY_COIN, ctx: &mut TxContext) {
        let (treasury, metadata) = coin::create_currency(
            witness, 9, b"MYC", b"My Coin", b"", option::none(), ctx
        );
        transfer::public_freeze_object(metadata);
        transfer::public_transfer(treasury, tx_context::sender(ctx));
    }
}

Sui Move's real strength is parallel execution. If two transactions touch disjoint sets of objects, they run in parallel. NFT transfers without a hot spot scale almost arbitrarily.

Sui mainnet sustains about 2,000 average TPS, with peaks above 8,000. Compared to roughly 100 TPS for the EVM, that is a full order of magnitude.

12. Cairo 2.6 — STARK-friendly by design

Cairo, from StarkWare, was built around an instruction set that is cheap to prove in STARK. Operations that are expensive in EVM gas (multiplication, for instance) are essentially free in Cairo, and vice versa.

Cairo 1.0 shipped in July 2023, heavily influenced by Rust. The latest in May 2026 is 2.6.4.

A counter in Cairo.

#[starknet::contract]
mod Counter {
    #[storage]
    struct Storage {
        count: u128,
    }

    #[external(v0)]
    fn increment(ref self: ContractState) {
        let current = self.count.read();
        assert(current < 1_000_000, 'Count exceeded');
        self.count.write(current + 1);
    }
}

The type system is essentially Rust's. ref self takes a mutable reference. Panics use assert.

StarkNet mainnet, from v0.13.2 in November 2024, aligned its gas model more closely with Ethereum. As of May 2026 the StarkNet TVL is about USD 2.5 billion.

The real point of Cairo is proof cost. Ten thousand transactions get bundled into a single ZK proof posted to Ethereum. Per-user gas drops to roughly one-tenth of EVM L2 levels.

13. Stylus — Arbitrum's Rust/WASM experiment

Arbitrum Stylus went live on mainnet in August 2024. The one-line pitch: run Rust, C, C++, and AssemblyScript contracts alongside EVM contracts on Arbitrum L2. WebAssembly executes next to EVM.

A Stylus contract in Rust.

use stylus_sdk::{alloy_primitives::U256, prelude::*};

#[storage]
#[entrypoint]
pub struct Counter {
    count: StorageU256,
}

#[public]
impl Counter {
    pub fn count(&self) -> U256 {
        self.count.get()
    }

    pub fn increment(&mut self) -> Result<(), Vec<u8>> {
        let current = self.count.get();
        if current >= U256::from(1_000_000_u32) {
            return Err(b"Count exceeded".to_vec());
        }
        self.count.set(current + U256::from(1));
        Ok(())
    }
}

Stylus contracts are interoperable with Solidity contracts. Same ABI, same gas accounting. But Rust runs arithmetic about 10-50x faster. The common pattern is to move cryptographic, compression, or FFT-style compute-heavy code into Rust while keeping business logic in Solidity.

14. Fuel and Sway — a UTXO Ethereum L2

Fuel launched a beta net in September 2023 and the mainnet went live in 2024. The biggest difference is the UTXO model, the opposite of Ethereum's account model.

Sway is heavily Rust-influenced but designed around UTXO.

contract;

storage {
    count: u64 = 0,
}

abi Counter {
    #[storage(read)]
    fn count() -> u64;

    #[storage(read, write)]
    fn increment();
}

impl Counter for Contract {
    #[storage(read)]
    fn count() -> u64 {
        storage.count.read()
    }

    #[storage(read, write)]
    fn increment() {
        let current = storage.count.read();
        require(current < 1_000_000, "Count exceeded");
        storage.count.write(current + 1);
    }
}

The UTXO model parallelizes naturally. Transactions with disjoint input UTXOs validate in parallel. The flip side is that shared state, like a counter, is unnatural — the example above relies on Fuel's "stateful contract" extension.

Fuel TVL in May 2026 is about USD 500 million. Among the newer L2s it is one of the fastest-growing.

15. Solana — Rust, Anchor, Pinocchio

Solana is not an EVM. Contracts are called programs, and state lives in separate accounts. A program does not own its own account; users create PDAs (Program Derived Addresses) where state is stored.

Three ways to ship a Solana program.

1. Native Solana — the lowest level. Build directly against the solana_program crate. The fastest at runtime and the longest to write.

2. Anchor framework — Solana's Hardhat equivalent. Macros remove the boilerplate. The de facto standard.

use anchor_lang::prelude::*;

declare_id!("11111111111111111111111111111111");

#[program]
pub mod counter {
    use super::*;

    pub fn increment(ctx: Context<Increment>) -> Result<()> {
        let counter = &mut ctx.accounts.counter;
        require!(counter.count < 1_000_000, ErrorCode::CountExceeded);
        counter.count += 1;
        Ok(())
    }
}

#[derive(Accounts)]
pub struct Increment<'info> {
    #[account(mut)]
    pub counter: Account<'info, Counter>,
}

#[account]
pub struct Counter {
    pub count: u64,
}

#[error_code]
pub enum ErrorCode {
    #[msg("Count exceeded")]
    CountExceeded,
}

3. Pinocchio — a 2024 zero-copy low-level library. Write contracts directly without Anchor's macro overhead. About 30-50% gas savings compared to Anchor. The cost is losing Anchor's automatic validation, so much more rides on you.

Solana TVL in May 2026 is about USD 13 billion. Roughly 80% sits behind Anchor, 15% native, and 5% Pinocchio.

16. NEAR — Rust, AssemblyScript

NEAR Protocol launched in 2020. It billed itself as a JavaScript-friendly chain but Rust ended up as the standard. The AssemblyScript SDK was effectively deprecated in 2024.

A NEAR Rust contract.

use near_sdk::{env, near, AccountId};

#[near(contract_state)]
#[derive(Default)]
pub struct Counter {
    count: u64,
}

#[near]
impl Counter {
    pub fn increment(&mut self) {
        assert!(self.count < 1_000_000, "Count exceeded");
        self.count += 1;
    }

    pub fn get_count(&self) -> u64 {
        self.count
    }
}

NEAR's differentiator is sharding. Nightshade sharding scales horizontally. Still, as of May 2026 the NEAR TVL is about USD 300 million, a much smaller seat than its early promise suggested.

17. Cosmos CosmWasm — Rust on the interchain

Cosmos is not a single chain. It is a federation of dozens of chains built with one SDK. CosmWasm is the smart contract module that runs on top of that SDK. Osmosis, Juno, Neutron, and Stargaze all use CosmWasm.

A CosmWasm Rust contract.

use cosmwasm_std::{entry_point, DepsMut, Env, MessageInfo, Response, StdError};
use cw_storage_plus::Item;

const COUNT: Item<u64> = Item::new("count");

#[entry_point]
pub fn instantiate(deps: DepsMut, _env: Env, _info: MessageInfo, _msg: ())
    -> Result<Response, StdError> {
    COUNT.save(deps.storage, &0u64)?;
    Ok(Response::default())
}

#[entry_point]
pub fn execute(deps: DepsMut, _env: Env, _info: MessageInfo, _msg: ())
    -> Result<Response, StdError> {
    let current = COUNT.load(deps.storage)?;
    if current >= 1_000_000 {
        return Err(StdError::generic_err("Count exceeded"));
    }
    COUNT.save(deps.storage, &(current + 1))?;
    Ok(Response::default())
}

CosmWasm's strength is IBC. A contract on one chain can call a contract on another. Cross-chain asset movement is built in.

Aggregate Cosmos TVL in May 2026 is about USD 3.5 billion.

18. Polkadot ink! — Rust on Substrate

ink! is the Rust DSL for Polkadot/Substrate from Parity Technologies.

#[ink::contract]
mod counter {
    #[ink(storage)]
    pub struct Counter {
        count: u64,
    }

    impl Counter {
        #[ink(constructor)]
        pub fn new() -> Self {
            Self { count: 0 }
        }

        #[ink(message)]
        pub fn increment(&mut self) {
            assert!(self.count < 1_000_000, "Count exceeded");
            self.count += 1;
        }

        #[ink(message)]
        pub fn get(&self) -> u64 {
            self.count
        }
    }
}

ink!'s real quirk is that contracts compile to WebAssembly, not EVM bytecode. Almost no one ships directly on Polkadot mainnet; most ink! usage is on parachains like Astar and Aleph Zero.

19. Cardano — Plutus and Aiken

Cardano started with Plutus, a Haskell-based smart contract language. The Haskell barrier was steep, so in 2023 Aiken appeared as an alternative.

Aiken is Plutus-compatible but uses Rust-like syntax.

use aiken/transaction.{ScriptContext}

validator {
  fn counter(_redeemer: Data, _datum: Data, _ctx: ScriptContext) -> Bool {
    True
  }
}

Cardano uses an extended UTXO model (eUTxO). Contracts do not directly hold state; state is encoded in the datum of UTXOs. That requires a real shift in mental model.

Cardano TVL in May 2026 is about USD 400 million — a small seat relative to its early promise.

20. Tezos, Algorand, Hedera — each their own path

Tezos — Michelson (low-level assembly), LIGO (JavaScript or Pascal-like), SmartPy (Python-like), Archetype (formal-verification first). Self-amending governance. TVL about USD 100 million.

Algorand — TEAL (low-level), PyTeal (Python), Algorand Smart Contract, Reach (compiler-based). Pure proof of stake. TVL about USD 200 million.

Hedera — Solidity. The Hedera Smart Contract Service is EVM-compatible. Strong in enterprise (IBM, Google, Boeing on the governance council). TVL about USD 150 million.

Bitcoin Layer 2 — Liquid Network (Elements Script), RGB (client-side validation), Simplicity (formal-verifiable assembly). Three different attempts at Bitcoin-secured smart contracts. Still early.

21. Account Abstraction — EIP-4337 and EIP-7702

A change even bigger than contract languages happened around accounts. As of May 2026, about 18% of Ethereum transactions originate from smart accounts.

EIP-4337 — went live on mainnet in March 2023. Supports smart accounts at the mempool layer without protocol changes. Key components: UserOperation, Bundler, EntryPoint, Paymaster.

EIP-7702 — landed with the May 2024 Pectra hard fork. Lets an EOA (externally owned account) temporarily attach code. Users keep MetaMask but, for the duration of one transaction, behave like a smart account.

Major smart-account infrastructure.

  • Safe (formerly Gnosis Safe) — the multisig standard. About USD 150 billion in assets managed via Safe.
  • Pimlico — bundler and paymaster service, permissionless.js SDK.
  • Alchemy Account Kit — account abstraction SDK and infrastructure.
  • Biconomy — gasless transactions and smart accounts.
  • ZeroDev — Kernel smart accounts.
  • Stackup — bundler infrastructure.

22. MEV and Protection — Flashbots, SUAVE

MEV (Maximal Extractable Value) is the value a block builder can extract by reordering transactions. Sandwich attacks, frontrunning, and backrunning are the canonical examples.

Flashbots — arrived in 2020 to make MEV transparent. MEV-Boost now drives the proposer-builder separation flow for about 92% of Ethereum mainnet blocks.

SUAVE (Single Unifying Auction for Value Expression) — Flashbots' 2023 announcement of a decentralized mempool. Users no longer have to choose which builder receives their transaction.

MEV-protected RPCs — Flashbots Protect, MEV Blocker, BloxRoute Protect. Switch your MetaMask RPC and sandwich attacks essentially disappear.

23. Audit Firms — who audits whom

Major smart contract audit firms as of 2026.

  • OpenZeppelin — the largest. Auditing history with Aave, Compound, MakerDAO.
  • Trail of Bits — builders of Echidna and Slither. Strong on formal methods.
  • ConsenSys Diligence — built MythX and Scribble. Close to the Ethereum Foundation.
  • Quantstamp — Toronto-based. Strong automated-tool story.
  • Hacken — Ukrainian/European. Strong in Eastern Europe alongside CertiK.
  • Halborn — Miami-based. Strong on multi-chain.
  • CertiK — out of the University of Illinois. Automated formal verification.
  • Spearbit — a decentralized audit network. Matches individual auditors to projects.

Audit alternatives:

  • Code4rena — competitive audits. Dozens of auditors compete over pools of roughly USD 50k-500k.
  • Sherlock — audit plus hack insurance. Bugs missed in the audit are covered by insurance.
  • Cantina — Spearbit's successor. Competitive plus curated.
  • Immunefi — bug bounty platform. Bounties up to about USD 10 million.

Typical audit pricing. Small (under 5,000 lines): about USD 30k-100k. Medium: about USD 100k-500k. Large protocols: roughly USD 500k-2M. A single audit takes six weeks to three months.

24. The Graph and Goldsky — indexing contract data

Reading on-chain contracts through raw RPC is slow. So you need an indexer.

  • The Graph — the longest-standing standard. Subgraphs defined as GraphQL schemas. Decentralized network plus a hosted service. The hosted service was sunset in 2024, completing the move to the decentralized network.
  • Goldsky — faster and easier. SQL-like Mirror and GraphQL Subgraphs. Strong enterprise traction.
  • Subsquid — an open-source indexer SDK. Postgres can be self-hosted.
  • Ponder — a TypeScript-native indexer. Friendly to Hardhat and Foundry developers.
  • Envio — an ultra-fast indexer on top of HyperSync. About 1,000 blocks per second.
  • Allium — a Web3 data warehouse. Query every chain from SQL.
  • Dune Analytics — SQL dashboards. The analyst's standard.

One-line decision rule. For a DApp that needs a GraphQL indexer, use Goldsky or The Graph. For an indexer that lives close to your TypeScript code, use Ponder. For analytics dashboards, use Dune.

25. Korean Web3 — from Klaytn to Kaia

The big shift in Korean Web3 came in June 2024. Klaytn (Kakao) and Finschia (LINE) merged into Kaia, headquartered in Abu Dhabi. The mainnet went live in August 2024.

Major Korean-rooted Web3.

  • Kaia — the Klaytn and Finschia merger. EVM-compatible. TVL about USD 500 million.
  • BORA — Kakao Games' gaming token and platform. A sidechain on top of Kaia.
  • Klip — Kakao's wallet. In practice the entry point to Korean Web3.
  • WEMIX — WeMade's gaming token. Once at a 1.5-trillion-won market cap, then delisted from exchanges in September 2022, and recovering since.
  • ICON — Korea's flagship from the 2017 ICO boom. Currently pushing BTP (Blockchain Transmission Protocol) for cross-chain.
  • Sygnum Korea — Swiss Sygnum's Korea arm. Institutional digital asset bank.
  • Dunamu / Upbit — Korea's largest exchange. Operates the Luniverse chain.
  • Xangle — Korean Web3 data analytics and research.

One-line take. Retail trading is enormous (about 7% of global volume), but on-chain DeFi activity remains small.

26. Japanese Web3 — from Astar to Soneium

Japan went quiet for a long stretch after the 2017 Coincheck hack and the strict regulations that followed. The landscape shifted between 2023 and 2024 as the LDP pushed pro-Web3 policy.

Major Japanese Web3.

  • Astar Network — the largest Japanese-grown chain. EVM and WASM in parallel. Was a Polkadot parachain, then switched to a Polygon CDK-based zkEVM L2 (Astar zkEVM) in 2024.
  • Soneium — the OP Stack-based L2 from Sony Block Solutions Labs and Startale. Mainnet launched January 2025. The goal is to bring Sony IP — anime, games, music — onto the chain.
  • Oasys — Japanese gaming consortium (Bandai Namco, Sega, Square Enix and others). Layer 1 plus per-game Verse Layer.
  • JPYC — a yen-pegged stablecoin. Formally issuable since Japan's revised Payment Services Act in 2024.
  • Animoca Brands Japan — Hong Kong-based Animoca's Japan arm. Strong on Japanese games and IP NFTs.
  • HashPort — the largest Japanese Web3 systems integrator. NFT and Web3 consulting.
  • Double Jump.Tokyo — the studio behind My Crypto Heroes. Japanese NFT gaming.

One-line take. IP is strong (anime, games, characters), so NFT-centric Web3 comes naturally and DeFi is comparatively weak.

27. The Real Revenue — Curve, Lido, Aave, Compound, Uniswap

Where is smart contract revenue actually being made? Annualized revenue as of May 2026.

  • Tether (USDT issuance) — about USD 7 billion. By far number one. Effectively a custody business more than a contract one.
  • Circle (USDC issuance) — about USD 1.8 billion.
  • MakerDAO/Sky (DAI/USDS) — about USD 500 million.
  • Aave — about USD 350 million in fees. TVL about USD 25 billion.
  • Lido — about USD 150 million (10% fee). About USD 9 billion worth of staked ETH.
  • Uniswap Labs — exact revenue undisclosed. Estimated around USD 100 million from frontend fees.
  • Curve Finance — about USD 50 million. The origin of veTokenomics.
  • Compound — about USD 30 million. Once the DeFi king.
  • GMX — about USD 20 million. Perpetuals DEX.
  • Pendle — about USD 15 million. Yield tokenization.

Aggregate revenue from Solidity contracts is roughly USD 10 billion per year. Not a small market.

28. Where to Start — a 2026 decision tree

The most common question from a new contract engineer: "What should I learn first?" In one line each.

  • Job market or side project, shortest path — Solidity 0.8.28 and Foundry. First contract deployed within a month.
  • Long-term infra and L2 work — Rust plus Solana Anchor or Stylus. Two months of learning.
  • Research-leaning (formal verification, ZK) — Cairo or Rust with Halmos. Three months or more.
  • New paradigms (object model, parallelism) — Sui Move or Aptos Move. Two months.
  • Korean gaming or IP plan — Kaia EVM and Klip integration. Solidity carries over directly.
  • Japanese gaming or IP plan — Soneium or Oasys. Both are EVM, so Solidity carries over.

Security first — SMTChecker, Echidna, Foundry invariants, Slither. Add Certora at large-protocol scale.

Gas first — Solady, plus Yul inline assembly. Huff only for genuinely hot paths.

The closing line. EVM does not die. But knowing only EVM narrows your future. A 2026 contract engineer should know one of Solidity deeply, and at least the entry level of Move or Rust.

References

Discuss on TwitterView on GitHub