0%
Overview page background
HomeOverviewsLearn Solidity
Solidity vs. Vyper: Everything You Need to Know

Solidity vs. Vyper: Everything You Need to Know

Alchemy headshot

Written by Alchemy

Brady Werkheiser headshot

Reviewed by Brady Werkheiser

Published on October 4, 20226 min read

Underlying dApps is the continuous execution of smart contracts. Originally proposed by computer scientist and cryptographer Nick Szabo, a smart contract is simply programmable code and data that govern the behavior of accounts on the blockchain. Smart contract code lives on blockchains and is one of the mechanisms that changes the state of Ethereum’s blockchain.

Smart contracts are a critical component of what makes the programs on Ethereum possible. Consider that Vitalik Buterin’s original white paper describes Ethereum as “a next generation smart contract… platform.” While smart contracts are generally programmed to execute the transfers of assets, their applications are much broader, including the creation of tokens, building dApps and DeFi products, and trading NFTs. 

There are several programming languages for writing smart contracts, and the decision of which language to choose depends on the use-case because each web3 language is optimized for different needs, benefits, and tradeoffs. 

Primarily, developers first choose between a high-level or low-level language. High-level languages abstract away the granular details of implementation, allowing developers to easily create smart contracts without an understanding of bytecode. 

Two such high-level languages  used on Ethereum and Ethereum Virtual Machine (EVM) compatible blockchains are Solidity and Vyper.

Solidity is a high-level, Turing-complete programming language for writing smart contracts on the Ethereum Virtual Machine that serves a range of use-cases, including decentralized finance (DeFi), NFTs, and wallets. 

Solidity is strongly influenced by C++ and JavaScript—apparent in its syntax—and uses the same multiple inheritance algorithm as Python. While most closely associated with Ethereum, Solidity runs on multiple blockchain platforms such as Polkadot and Avalanche.

Proposed by Ethereum CTO Gavin Wood, Solidity was developed to meet the demand for a flexible smart contract-based developer platform. With Solidity, developers can write smart contracts for a diverse set of use-cases, creating the vibrant decentralized ecosystem of applications running on Ethereum today. 

Vyper is a high-level programming language that is similar to Solidity, and is purposefully designed to increase the security of smart contracts used on EVM-compatible blockchains. 

Using Pythonic syntax—hence the serpentine name—Vyper code prioritizes readability so that developers can easily detect bugs and vulnerabilities in their code before deploying contracts.

To further support the security of its smart contracts, Vyper uses strong typing and computational decidability. Each variable declared in Vyper must be given an explicit type, and the decidability of contracts allows developers to compute an upper bound on gas consumption before contract deployment.

Both Solidity and Vyper can be used to create EVM-compatible smart contracts, but because the two web3 coding languages have unique design principles, there are benefits and tradeoffs when deciding which is the best programming language for dApp development.

To better contextualize this contrast, let’s first look at the ways in which Solidity and Vyper overlap.

Each language is high-level, and Solidity and Vyper’s compilers will translate your code into system-level bytecode that is executable by the EVM. This means that, after deployment, Solidity and Vyper smart contracts will be executed in terms of the same bytecode language. As a result, Solidity and Vyper contracts can be used concurrently in the same application. 

There are several similarities in the structuring of Vyper and Solidity’s smart contracts:

  • Version pragma - the version pragma is the intended compiler version, or range of versions, for each smart contract

  • State variables - values that are permanently stored in smart contract storage

  • Structs - can be custom defined to group together multiple variables into a single type

  • Functions - executable lines of code that can perform state changes inside and outside of their contracts

  • Events - log actions through the EVM that can be efficiently search after they're emitted

  • Overflow Checking - prevent accidental overflow of data types by checking array accesses and arithmetic to ensure variable storage is safe

A large portion of smart contract core structure is shared between Solidity and Vyper smart contracts. However, Solidity and Vyper both offer very different ways of allowing web3 developers to write smart contracts.

The critical differences between Vyper and Solidity are the result of Vyper’s focus on security as an underlying design principle including decidability and not supporting modifiers, inheritance, inline assembly, function overloading, and recursive calling. 

Vyper achieves this additional security relative to Solidity by both adding features and omitting some of Solidity’s riskier properties. 

With decidability, developers can compute an upper bound on gas consumption of each contract, protecting against gas limit attacks. A gas limit attack is a type of denial of service (DoS) attack, where a malicious actor sends transactions through a contract to exceed the block gas limit, forcing all other transactions to fail or revert. 

In Solidity, function definitions can be preceded by a modifier, where the modifier can be defined somewhere else in the code to perform checks before and after smart contract execution, make state changes, and more.

Because of the nature of modifiers, it is easy to write misleading code, such that a seemingly innocuous function modifier actually performs operations that create vulnerabilities. Vyper does not support modifiers in order to improve readability and the detection of dangerous code.

To read code using class inheritance, one would have to read through multiple different code files to understand how a contract works. Additionally, because Solidity allows multiple inheritance, a reader would need to understand precedence rules to know how conflicts are resolved.

If multiple functions with the name are inherited, which one is actually used by the contract?

Because Vyper does not allow inheritance, code is more easily audited because there are fewer files to audit. 

By excluding the inline assembly mechanism from Vyper, or the ability to convert Solidity code into machine code, variable names can be searched for in code to see everywhere a variable is read or modified.

Because overloading functions in Solidity makes it possible to hide harmful code, it is not supported in Vyper. For example, the function {sendToken(address)} could be safe, while {sendToken(address, “Hello!”)} drains your wallet.

By omitting function overloading, Vyper makes it easier to understand exactly which functions are being called and when.

Recursive calling and infinite-length loops make it impossible to calculate the upper bound of gas limits, which is in conflict with Vyper’s decidability feature, and why recursive calling isn't supported in Vyper.

Vyper’s six main differences give Vyper two distinct benefits compared to Solidity: security and auditability.

With its myriad safety features, Vyper safeguards developers from writing vulnerable code that would let bugs and exploitable attack surfaces go undetected.

Vyper code makes it easy for smart contract security auditors to read and understand precisely what the smart contract is doing. This means all parties who read your smart contracts will be able to quickly identify how assets will be manipulated on the blockchain.

Finally, as you learn Vyper, its readability will ease the process of reading the existing smart contracts of other dApps.

Although it seems like developers can do everything with Vyper that they can do with Solidity, with the addition of extra security protections, choosing Vyper over Solidity comes with two main tradeoffs: flexibility and community.

Vyper’s documentation states that Vyper is not intended to be a full replacement for Solidity because there are things that you can do in Solidity that are explicitly prohibited while coding with Vyper. Consequently, choosing Vyper over Solidity means forfeiting smart contract flexibility, limiting the range of applications.

By numbers alone, Solidity is a much more popular web3 programming language than Vyper. Completing a quick search of GitHub to find all files written in Vyper (.vy) and all files written in Solidity (.sol), we can get a sense of the amount of developers using each language. At the time of this writing, there were around 10,300 files written in Vyper compared to 8.3 million Solidity files on GitHub. 

Consequently, there are fewer guides and resources for those coding in Vyper. Outside of the official guide, it will be harder to find community discussions addressing difficulties you might encounter while developing with Vyper.

Although the compatibility of Vyper and Solidity means choosing a single language is not an either/or proposition, smart contracts that are more basic and require flexibility, should be written with Solidity, while applications that needs firm security guarantees should choose Vyper.

Neither language is expressly better than the other because they each have different use cases. Because of its lack of flexibility and the absence of a deep community of developers, Vyper is optimal for uses where the highest level of security is necessary, and new web3 developers should start by learning Solidity. 

Though Vyper has a less robust developer community, there are still a number of rich and useful resources—both formal and informal—for learning these two programming languages. The following resources will help you become a Solidity developer:

The best way to learn Solidity is by enrolling in a Solidity bootcamp, and Alchemy University’s Ethereum Developer Bootcamp, led by a gigabrain team of web3 engineers from ChainShot, is the most comprehensive 7-week online Solidity course available. With Alchemy’s recent acquisition of ChainShot, Alchemy is making ChainShot’s $3,000 bootcamp completely free. 

Signup for Alchemy University’s Ethereum developer bootcamp today and learn how to develop Ethereum dApps.

Besides a bootcamp, here are some additional ways to learn Solidity:

If developers are new to development in general, Alchemy's 3-week JavaScript crash course is a great prerequisite before starting an Ethereum bootcamp.

Once you’re done learning Solidity through a bootcamp, the best way to learn Vyper is to read the official documentation, build tutorials, and research .vy files on GitHub.

Most developers will find Solidity capable of suiting their smart contract needs, but for those who require extreme levels of security, Vyper is a fantastic choice. Because both Vyper and Solidity are tools for fully realizing the possibilities of building on the Ethereum blockchain, there is no clear winner. Vyper and Solidity are two complementary, must-learn programming languages for Ethereum developers.

Overview cards background graphic
Section background image

Build blockchain magic

Alchemy combines the most powerful web3 developer products and tools with resources, community and legendary support.

Get your API key