A smart contract is a program that executes automatically on a blockchain when predefined conditions are met. No intermediaries are required, it can't be arbitrarily paused, and its logic is public and verifiable.
If Bitcoin proved you can have digital money without banks, smart contracts proved you can have business logic without servers or companies. They're the foundation on which all of DeFi, NFTs, DAOs, and most modern blockchain applications are built.
How a smart contract works
A smart contract isn't "smart" in the human sense. It's code (typically written in Solidity for Ethereum) that lives at a blockchain address. When someone interacts with that address by sending a transaction, validators execute the code following the exact rules written.
The lifecycle:
- Writing: someone programs the contract in a smart contract language.
- Compilation: the code is compiled to bytecode executable by the EVM (Ethereum Virtual Machine) or equivalent VM.
- Deploy: it's published to the blockchain by paying a fee. From that moment, the contract lives at an address.
- Interaction: anyone can call its public functions by sending transactions.
- Execution: validators execute the code on the EVM and publish the result.
Critical: once deployed, the code can't be modified (unless the contract was designed with an explicit upgrade mechanism, like a proxy). This immutability is the key guarantee: the contract will do exactly what its code says, no more, no less.
Smart contract languages
Solidity (Ethereum and EVM)
The dominant language. JavaScript-like syntax. Compiles to EVM bytecode. Dominates due to Ethereum's network effect: most auditors, tools, and libraries are in Solidity.
contract SimpleStorage {
uint256 storedData;
function set(uint256 x) public { storedData = x; }
function get() public view returns (uint256) { return storedData; }
}
Vyper (alternative Ethereum)
Minimalist Python-inspired language. Fewer features than Solidity (intentional, to prevent bugs). Used by some protocols like Curve.
Rust (Solana, Polkadot, Near, Sui)
Solana, Near, Polkadot and Sui use Rust with specific frameworks (Anchor on Solana, ink! on Polkadot). Rust offers more memory safety but steeper learning curve.
Move (Aptos, Sui)
New language created by Meta for Diem (canceled project). Move models assets as non-copyable "resources," preventing certain smart contract bugs.
Cairo (Starknet)
Specific language for writing programs that generate ZK proofs. Custom syntax.
Real use cases
DeFi
Smart contracts are the infrastructure of all DeFi:
- DEXs (Uniswap, Curve): contracts executing automatic swaps using liquidity pools with mathematical curves.
- Lending (Aave, Compound): contracts receiving deposits, lending, and liquidating positions when collateral falls below threshold.
- Stablecoins (DAI, USDC): USDC is an issuer contract with controlled mint/burn function. DAI is more complex: contracts that generate stablecoin against ETH collateral.
- Liquid staking (Lido, Rocket Pool): contracts receiving ETH, staking it, and issuing liquid stETH/rETH.
NFTs
Each NFT collection is a smart contract (ERC-721 or ERC-1155 on Ethereum) maintaining an on-chain registry of who owns each token. Transfers pass through contract functions.
DAOs
DAOs (decentralized autonomous organizations) live in smart contracts that automatically execute decisions voted by governance token holders.
Other uses
- Token vesting: contracts releasing tokens to founders/investors on a predefined schedule.
- On-chain auctions: contracts receiving bids and assigning winner automatically.
- Escrow: contracts holding funds until two parties confirm the transaction.
- NFT royalties: contracts distributing royalties to creator on each resale.
Smart contract limitations
Immutability can be a problem
If there's a critical bug, the contract can't be fixed without an upgrade mechanism. That's why many contracts use proxies (a proxy delegates calls to an implementation that can change). That introduces trust in whoever controls the upgrade.
Execution cost (gas)
Each operation costs gas. Complex operations can cost $1-100 on Ethereum L1. This limits use cases. A solution are Layer 2s, which reduce fees 100x.
Access to off-chain data
A smart contract can only read on-chain data. For market prices, real-world events, etc., it needs oracles (Chainlink is dominant). The oracle is an additional trust point.
Reentrancy risk and other classic bugs
Common bugs:
- Reentrancy: an external function calls back into the contract before updating its state. Cause of the famous The DAO hack (2016).
- Integer overflow: math operations that overflow. Solidity 0.8+ prevents this automatically.
- Access control: sensitive functions without restriction on who can call them.
- Front-running: an attacker sees your transaction in mempool and executes before it with more gas.
Security: how to evaluate a smart contract before using it
Before approving spending tokens to a contract:
1. Is it audited? Audits from firms like Trail of Bits, OpenZeppelin, ConsenSys Diligence, Spearbit give some guarantee. Verify the audit is recent and on the current code version.
2. Is the code verified on the explorer? On Etherscan, check that source code is public (not just bytecode). If not verified, you don't know what it really does.
3. How much TVL does it have? If it's been years with hundreds of millions without exploit, it's safer. If new, more risk.
4. Is there a timelock on sensitive changes? Good protocols have 24-48h timelock on parameter changes, giving time to exit if you spot something suspicious.
5. Limited approvals? When a dApp asks for "approve max" to spend your token, consider limiting it to the specific amount. Use wallets like Rabby that show the detail.
How to interact with smart contracts
As a normal user, you interact with smart contracts every time you:
- Swap on Uniswap or Jupiter
- Approve a token in a dApp
- Deposit in Aave or Lido
- Buy an NFT
- Vote in a DAO
But you can also interact directly without frontend, using:
- Etherscan "Write Contract": any public function can be invoked from the explorer's site if you connect your wallet.
- Foundry / Hardhat cast: developer CLI tools.
- Multicall apps: execute multiple calls in one transaction.
This is useful if a protocol's frontend goes down — the smart contract keeps working and you can interact directly.
The future: account abstraction and other advances
Account Abstraction (ERC-4337): wallets go from EOAs (private keys) to smart contracts. Benefits:
- Social recovery of wallet (if you lose the seed).
- Pay gas in stablecoins.
- Batched transactions.
- Granular permissions (sessions, spending caps).
Verifiable Computation: ZK proofs allow executing smart contracts off-chain and verifying the result on L1 with a cryptographic proof. This opens use cases that are impossible today due to gas costs.
Cross-chain smart contracts: contracts executing logic that atomically spans multiple blockchains. Still experimental but in active development.
FAQ
Are smart contracts legally binding? Depends on the country. Most jurisdictions still don't recognize smart contracts as traditional legal contracts. They work technically without needing legal recognition, but if you want to enforce in courts, it's still gray area.
Can I make a smart contract without knowing how to code? No-code tools (Thirdweb, OpenZeppelin Wizard) allow deploying standard contracts (NFT, ERC-20) without writing code. For something custom you need Solidity or Rust.
How much does it cost to deploy a smart contract? On Ethereum L1: $100-2000+ depending on complexity. On Layer 2: $1-50. On Solana: ~$0.50.
What happens if a smart contract has a bug? If exploitable, someone will drain the funds. Famous case: Wormhole bridge lost $325M in 2022 due to a bug. That's why audits and bug bounties are critical.
Are smart contracts irreversible? Transactions are. If you transfer ETH to a malicious contract, no way back. That's why "read before signing" is rule #1.
Conclusion
Smart contracts are crypto's most underrated innovation. Bitcoin demonstrated the principle of decentralized money; Ethereum and smart contracts opened the whole space: DeFi, NFTs, DAOs, GameFi, on-chain identity. Everything that is "crypto beyond Bitcoin" is basically smart contracts.
As a user: learn to read them at a basic level, verify before approving, and use wallets with transaction simulation. As a developer: start with Solidity, always audit before mainnet, and respect established security patterns. The space rewards diligence and punishes shortcuts.
