What is a Smart Contract?

A smart contract is a program that lives on a blockchain. Once deployed, it runs exactly as written, its code is public, and anyone with a wallet can interact with it. If Bitcoin is a ledger for a single asset, smart contracts are the reason Ethereum and its descendants can run an entire financial system.

The idea, stripped down

A smart contract has an address (just like a wallet), it can hold a balance in the chain's native token, and it can store its own state. Calling a function on the contract is just sending it a transaction with the function name and arguments encoded in the data field. Validators run the code, update the contract's state, and the result is permanent.

Examples:

• A Uniswap pool contract holds two tokens and lets anyone swap between them.
• An ERC-20 token contract keeps a mapping of addresses to balances and implements transfer and approve.
• A multisig wallet requires M-of-N signatures before releasing funds.

None of these need a backend server. The blockchain is the backend.

How they get written

On Ethereum and EVM-compatible chains, smart contracts are usually written in Solidity, compiled to EVM bytecode, and deployed with a transaction that embeds the bytecode. Other ecosystems use different languages — Rust on Solana and Near, Move on Sui and Aptos, Cairo on Starknet — but the concept is the same: you write code, you compile it, you post it on-chain, and now the world can use it.

A typical smart contract is a few hundred lines of code. A complex one (Compound, Uniswap v3) is a few thousand. They are short because they have to be bulletproof — every line is a potential exploit.

Why they are powerful

Trust minimization. A smart contract does not require you to trust a company, a CEO, or a jurisdiction. You read the code (or read an audit of it), you see the on-chain history, and you interact.

Composability. Any smart contract can call any other smart contract. Protocols plug into each other with no integration meetings or API deals.

Permissionless access. If you have an address, you can use the contract. No account creation, no geographic restrictions, no KYC (unless the contract itself enforces one).

The hard part

Code is law, which is great until the law has a bug. Once deployed, a contract usually cannot be changed — that immutability is part of why you can trust it. But if an exploit appears, funds can drain irreversibly. The DAO hack in 2016 (stole the equivalent of about $60 million), the Parity wallet freeze in 2017 ($280 million locked forever), the Ronin bridge hack in 2022 ($625 million) — the graveyard is real.

Mitigations include audits by firms like Trail of Bits and OpenZeppelin, bug bounties, upgradable proxy patterns (which trade some immutability for the ability to patch), time-locks on admin actions, and formal verification on the most critical code. None of them make a contract perfectly safe; they just narrow the attack surface.

If you ever send funds to a smart contract, you are trusting the code. Find out who wrote it, who audited it, and what the worst-case outcome looks like before you commit.