By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
A Web3 developer interview focuses on your ability to design, code, and secure decentralized applications (dApps) that run on the Ethereum Virtual Machine (EVM). Recruiters want proof that you can write Solidity contracts, understand token standards, and reason about gas‑costs and attack surfaces—skills that power real‑world products like a Uniswap swap, an NFT minting portal, or a DAO voting contract.
pragma solidity ^0.8.18;
SafeMath
totalSupply
balanceOf
transfer
allowance
approve
transferFrom
solidity contract MyToken is ERC20 { constructor() ERC20("MyToken", "MTK") { _mint(msg.sender, 1_000_000 * 10decimals()); } }
ownerOf
safeTransferFrom
tokenURI
nonReentrant
solidity function withdraw(uint256 amount) external nonReentrant { require(balances[msg.sender] >= amount, "Insufficient"); balances[msg.sender] -= amount; // effect (bool ok,) = msg.sender.call{value: amount}(""); require(ok, "Transfer failed"); }
msg.sender
k
solidity // Simplified swap: dy = y - k/(x+dx) function getAmountOut(uint256 amountIn, uint256 reserveIn, uint256 reserveOut) internal pure returns (uint256) { uint256 amountInWithFee = amountIn * 997; // 0.3% fee uint256 numerator = amountInWithFee * reserveOut; uint256 denominator = reserveIn * 1000 + amountInWithFee; return numerator / denominator; }
uint8
bool
uint256
solidity struct Packed { uint128 a; // 128 bits uint128 b; // 128 bits → same storage slot }
npx hardhat compile
npx hardhat run scripts/deploy.js --network goerli
provider.getBlockNumber()
signer.sendTransaction(tx)
MySwap.sol
test/MySwap.test.js
chai
ethers
bash npx hardhat run scripts/deploy.js --network goerli \ --private-key $PRIVATE_KEY --infura-id $INFURA_ID
npx hardhat etherscan-verify --network goerli <CONTRACT_ADDRESS>
ethers.Contract
swapExactTokensForTokens(...)
Mistake: Using tx.origin for access control. Correction: Always rely on msg.sender; tx.origin can be spoofed through a malicious contract, breaking the permission model.
tx.origin
Mistake: Forgetting to reset allowance before changing it (ERC‑20 race condition). Correction: Either set allowance to 0 first or use increaseAllowance/decreaseAllowance from OpenZeppelin to avoid the “double‑spend” window.
0
increaseAllowance
decreaseAllowance
Mistake: Hard‑coding the owner address in the constructor, making upgrades impossible. Correction: Deploy via a proxy pattern (e.g., TransparentUpgradeableProxy) and store the admin in a separate storage slot.
Mistake: Ignoring unchecked external calls (call without verifying the return value). Correction: Always check the boolean success flag (require(success, "Call failed")) or use Address.functionCall from OpenZeppelin.
call
require(success, "Call failed")
Address.functionCall
Mistake: Over‑using public state variables for sensitive data. Correction: Keep variables private/internal and expose only read‑only getters; this reduces accidental external reads and future upgrade collisions.
public
private
internal
delegatecall
tokensReceived
require
assert
Scenario: A contract uses tx.origin to restrict withdrawals to the contract deployer. Answer: Dangerous – a phishing contract can call the vulnerable contract, making tx.origin the attacker’s address, and steal funds.
Scenario: You see a function marked external payable that forwards all received ether with address(this).call{value: amount}(""). Answer: This pattern is a reentrancy risk; the contract should first update its internal balance before forwarding ether, or use ReentrancyGuard.
external payable
address(this).call{value: amount}("")
ReentrancyGuard
Scenario: A DeFi pool’s addLiquidity function does not emit an event. Answer: Missing events hinder indexing and off‑chain analytics; auditors will flag it as a visibility/monitoring issue.
addLiquidity
pragma solidity ^0.8.x;
decimals()
uint128
--network goerli
ETHERSCAN_API_KEY
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.