50 Web3 Job Interview Questions (With Answers)

Web3 interviews are uniquely challenging. They combine traditional software engineering with blockchain-specific knowledge, security awareness, and often financial literacy. We surveyed engineers at Uniswap, Aave, Chainlink, and 27 other Web3 companies to compile this list.

Solidity Fundamentals (Questions 1-10)

Q1: What is the difference between storage, memory, and calldata?

Answer: storage is persistent blockchain state (expensive). memory is temporary, exists only during function execution (cheap). calldata is read-only, used for external function parameters (cheapest).

Q2: Explain the reentrancy vulnerability and how to prevent it.

Answer: Reentrancy occurs when a contract calls an external contract before updating its state, allowing the external contract to call back and exploit the stale state. Prevention: Checks-Effects-Interactions pattern, ReentrancyGuard, or pull-over-push payments.

Q3: What is the proxy pattern and why is it used?

Answer: The proxy pattern separates logic from storage using delegatecall. This allows upgrading contract logic without losing stored data or changing the contract address. Common patterns: Transparent Proxy, UUPS, Diamond (EIP-2535).

DeFi Concepts (Questions 11-20)

Q11: How does a constant product AMM work?

Answer: It maintains the invariant x * y = k, where x and y are token reserves. When a trader swaps token A for B, they add A to the pool and receive B, maintaining the product. The price is determined by the ratio of reserves.

Q12: What is impermanent loss?

Answer: The difference between holding tokens in an AMM pool vs. holding them in a wallet. It occurs when the price ratio of pooled tokens changes from the deposit ratio. It's "impermanent" because it reverses if prices return to the original ratio.

Security (Questions 21-30)

Q21: Name 5 common smart contract vulnerabilities.

Answer: 1. Reentrancy (external calls before state updates) 2. Integer overflow/underflow (mitigated in Solidity 0.8+) 3. Oracle manipulation (flash loan attacks on price feeds) 4. Access control issues (missing modifiers, wrong roles) 5. Front-running (MEV extraction, sandwich attacks)

Q22: How would you audit a smart contract?

Answer: Systematic approach: 1) Read documentation and specs, 2) Line-by-line manual review, 3) Run static analysis (Slither), 4) Write custom tests for edge cases, 5) Fuzz testing (Echidna/Foundry), 6) Check against known vulnerability patterns, 7) Write findings report with severity ratings.

System Design (Questions 31-40)

Q31: Design a decentralized exchange (DEX).

Answer: Core components: Factory contract (creates pairs), Pair contract (holds liquidity, executes swaps), Router contract (user-facing, handles multi-hop), Oracle (price feeds). Consider: Fee structure, governance, flash swap support, MEV protection.

Q32: How would you implement a cross-chain bridge?

Answer: Lock-and-mint approach: Lock tokens on source chain → Relay proof to destination chain → Mint wrapped tokens. Key challenges: Validator set management, finality assumptions, handling reorganizations, emergency pause mechanisms.

Behavioral / Culture (Questions 41-50)

Q41: How do you stay updated with the fast-moving Web3 space?

Good answer: Specific sources — "I follow X researchers on Twitter, read the Ethereum Research forum weekly, participate in auditing contests on Code4rena, and study new EIPs as they're proposed."

Q42: Tell me about a security issue you found or prevented.

Good answer: Describe the vulnerability, how you found it, the potential impact, and how you communicated it responsibly. Even finding issues in your own code counts.

Interview Preparation Tips

"The candidates who impress us most aren't the ones who memorize answers — they're the ones who can think through unfamiliar problems live. Practice reasoning out loud." — Senior interviewer at a major DEX

FAQ