A smart contract is a program stored on a blockchain that runs automatically when predetermined conditions are met — no bank, lawyer, or middleman required. The name is a little misleading: smart contracts are neither particularly “smart” nor legal contracts in the traditional sense. They are simply code that executes exactly as written, every time, on a decentralized network.
The concept was formally described by computer scientist Nick Szabo in 1994, but it didn’t become practically useful until Ethereum launched in 2015 with a built-in environment designed specifically for running these programs.
How a smart contract actually works
Think of a smart contract as a vending machine. You insert the correct coin, press a button, and the machine dispenses your item — no cashier needed, no discretion applied. The logic is fixed: input A produces output B. Smart contracts work the same way.
When a developer deploys a smart contract, they send a transaction with no recipient address whose payload is the contract's creation bytecode. The network runs that code once and stores the resulting runtime bytecode at a new address derived from the deployer's address and transaction count (or from a chosen salt, with CREATE2). That address is permanent and looks just like a wallet address. Anyone can then interact with the contract by sending a transaction to it. The Ethereum Virtual Machine (or an equivalent runtime on other chains) executes the code, updates state, and records the result on-chain.
Because the contract lives on a decentralized network, no single party controls it after deployment. The rules are enforced by every node running the network — not by the company or individual who wrote the code.
Key insight: “Code is law” is the informal motto of smart contract culture. It means the contract does exactly what it says, including any bugs. There is no appeals process, no customer support line, and no way to reverse a transaction that executed correctly according to the code. The only escape hatches are the ones written into the code itself, such as an owner-controlled pause or upgrade function, which is why it pays to check for those before depositing funds.
What smart contracts can do
Smart contracts unlock a wide range of applications because they can hold, send, and receive cryptocurrency, and because their logic is transparent and auditable.
Decentralized finance (DeFi)
The most economically significant use is decentralized finance. Smart contracts power lending protocols that automatically liquidate under-collateralized positions, decentralized exchanges that price swaps with a formula such as the constant-product rule x * y = k instead of an order book, and liquidity pools that pay yield to depositors, all without a company operating in the middle.
Token creation and management
ERC-20 (fungible tokens) and ERC-721 (NFTs) are interface standards that token contracts implement. When a project launches a new token, it deploys a contract that tracks balances and enforces transfer rules: every balance is an entry in the contract's storage, and a transfer is the contract checking that the sender holds enough and then updating two entries. NFTs work the same way, except that each token ID has exactly one owner. Ownership is recorded in the contract, not in any company’s database.
Governance
Many protocols use smart contracts to run their own governance. Token holders submit proposals and vote on-chain; if a proposal passes, the contract can automatically execute the change — adjusting a fee, updating a parameter, or moving funds from a treasury.
Other applications
| Use case | What the contract does |
|---|---|
| Escrow | Holds funds and releases them when both parties confirm |
| Vesting schedules | Unlocks tokens to founders or employees over time |
| Prediction markets | Distributes winnings based on verified outcomes |
| Cross-chain bridges | Locks assets on one chain and mints equivalents on another |
| Gaming | Enforces item ownership and in-game economies |
What smart contracts cannot do
Understanding the limitations is just as important as understanding the capabilities.
They cannot access outside data on their own
A smart contract only knows what is on the blockchain. It cannot check a stock price, verify the weather, or confirm whether a sports team won a game. To act on real-world data, it must rely on an oracle — a service that feeds verified external information onto the chain. This is a meaningful trust assumption: the contract may be trustless, but the oracle feeding it data may not be.
They cannot be changed after deployment (usually)
Once deployed, a smart contract’s code is permanent. This is a feature, since nobody can quietly alter the rules, but it is also a liability: bugs cannot be patched the way a mobile app can be updated. Developers work around this with “upgradeable proxy” patterns, in which users interact with a fixed proxy address that forwards every call to a replaceable logic contract. That reintroduces centralized control: whoever holds the upgrade key can replace the entire logic, so users are trusting that key holder and its process (multisig, timelock) rather than the code alone.
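The Solidity below is an added example written for this page, not a library's proxy implementation. It shows the pattern in miniature: a proxy that forwards calls with delegatecall to an implementation address stored in the EIP-1967 slot, an admin-only upgrade function, and two implementations with the same storage layout, one honest and one that drains the vault. Contract names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example of the "upgradeable proxy" pattern, written for this page and
// not taken from any library or project. Users send transactions to the proxy,
// which forwards every call with delegatecall to whatever implementation
// address is stored in its EIP-1967 slot; the implementation's code then runs
// against the proxy's storage and ether balance. Whoever holds `admin` can
// point that slot at any contract at all.
contract UpgradeableProxy {
    // keccak256("eip1967.proxy.implementation") - 1: a slot that cannot collide
    // with ordinary storage variables declared by the implementation.
    bytes32 private constant IMPLEMENTATION_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    // immutable: stored in the proxy's code, not in storage, so it cannot
    // collide with the implementation's variables either.
    address public immutable admin;

    event Upgraded(address indexed implementation);

    constructor(address initialImplementation) {
        admin = msg.sender;
        _setImplementation(initialImplementation);
    }

    // The centralization point: a single key can swap in arbitrary new logic,
    // including logic that hands every deposit to the admin. Real deployments
    // put this behind a multisig and a timelock so users can see a pending
    // upgrade and exit first.
    function upgradeTo(address newImplementation) external {
        require(msg.sender == admin, "not admin");
        _setImplementation(newImplementation);
    }

    function implementation() external view returns (address) {
        return _getImplementation();
    }

    function _setImplementation(address impl) private {
        require(impl.code.length > 0, "implementation is not a contract");
        bytes32 slot = IMPLEMENTATION_SLOT;
        assembly { sstore(slot, impl) }
        emit Upgraded(impl);
    }

    function _getImplementation() private view returns (address impl) {
        bytes32 slot = IMPLEMENTATION_SLOT;
        assembly { impl := sload(slot) }
    }

    // Any call the proxy itself does not define is forwarded unchanged.
    fallback() external payable { _delegate(_getImplementation()); }
    receive() external payable { _delegate(_getImplementation()); }

    function _delegate(address impl) private {
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}

// Two implementations sharing one storage layout. V1 is the logic users
// audited; V2 is what the admin key could install in a single transaction.
contract VaultV1 {
    mapping(address => uint256) public balances;   // storage slot 0 in the proxy

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

contract VaultV2Malicious {
    mapping(address => uint256) public balances;   // same slot, same data

    // Under delegatecall, address(this) is the proxy, so this sends every
    // user's deposit wherever the caller likes. Nothing in the proxy stops the
    // admin from installing it.
    function drain(address payable to) external { to.transfer(address(this).balance); }
}
```

The practical check before trusting an upgradeable contract is therefore not only "is the implementation audited?" but "who can call upgradeTo, how many signatures does it take, and is there a delay during which I could withdraw?".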
They cannot execute on their own schedule
Smart contracts are passive. They do not run unless a transaction triggers them. Automated actions require an external account or “keeper” bot to send a triggering transaction at the right moment — which again introduces a dependency on off-chain infrastructure.
They cannot guarantee legal enforceability
A smart contract can enforce its own code, but it has no authority over the physical world. If someone sells a house using a smart contract and then refuses to hand over the keys, the contract cannot compel them to comply. The gap between on-chain execution and real-world enforcement is an active area of legal research.
The risk side of smart contracts
Smart contracts have been responsible for some of the largest losses in crypto history. The notable hacks exploited logic errors in the contract code rather than breaking any cryptography, which is why even well-funded and audited protocols have been drained. Common attack surfaces include:
- Reentrancy bugs — a contract sends funds to an external address before updating its own state, so the recipient can call back into the contract and withdraw again before its balance is recorded as spent. The 2016 DAO hack was a reentrancy exploit.
- Integer overflow/underflow — arithmetic that wraps around unexpectedly, producing absurd values. Solidity 0.8 and later reverts on overflow by default, so this now mainly affects older contracts and code inside explicit unchecked blocks.
- Oracle manipulation — an attacker inflates or deflates a price feed to trick a lending protocol into allowing an under-collateralized withdrawal. Contracts that read the spot price from a single exchange pool are the usual victims, because a flash loan can move that price within one transaction; time-weighted averages and aggregated feeds are the standard mitigations.
- Admin key compromise — upgradeable contracts with a single admin key are only as secure as the key holder. A multisig and a timelock on upgrades reduce this risk but do not remove it.
Security audits reduce risk but do not eliminate it. Treating any unaudited smart contract as experimental, and sizing exposure accordingly, is a sensible default.
Deploying and interacting with contracts
You do not need to be a developer to use smart contracts — every time you swap tokens on a decentralized exchange or deposit into a lending protocol, you are sending a transaction to one. What you do need is a crypto wallet and enough native currency to pay gas fees, which cover the computational cost of execution.
If you are curious about writing them, Solidity is the dominant language for Ethereum-compatible chains. A contract is compiled to bytecode, tested on a testnet, and then deployed with an ordinary transaction that has no recipient address and carries the creation bytecode as its payload. The source code is often verified and published on block explorers, which recompile it and confirm that it matches the bytecode on-chain, so anyone can read exactly what the contract does before interacting with it. A contract whose source is not verified cannot be reviewed that way, and that alone is a reason for caution.
Key takeaways
- A smart contract is on-chain code that executes automatically when its conditions are met — no intermediary required.
- Once deployed, the contract’s logic is enforced by every node on the network and is typically immutable.
- Smart contracts cannot access external data on their own; they depend on oracles for real-world information.
- They are passive — they need an external transaction to trigger execution, and they cannot enforce outcomes in the physical world.
- Code bugs have led to major losses; audits reduce but do not eliminate risk.
- Most DeFi, NFT, and governance applications are built directly on smart contracts.
Next up: The Ethereum Virtual Machine