A smart contract is a program deployed to a blockchain that executes automatically when its functions are called. Once deployed, the code is immutable (unless the contract uses an upgradeable proxy pattern) and its execution is deterministic — given the same state and inputs, every node on the network will produce the same result.

Smart contracts are the building blocks of DeFi. Every DEX, lending protocol, liquidity pool, and token is a smart contract or a set of interacting smart contracts.

Why they matter

Traditional agreements require trust in a counterparty or enforcement by a third party (a court, an escrow agent, a clearinghouse). A smart contract replaces this with trust in code — the terms execute exactly as written, visible to anyone, and enforceable by the network’s consensus mechanism.

This makes it possible to build financial protocols that are:

  • Permissionless — anyone can interact with them, no account application required.
  • Composable — one contract can call another, enabling complex systems to be built from simple primitives.
  • Transparent — the source code and all state transitions are publicly auditable.

How they work

  1. A developer writes the contract in a high-level language (most commonly Solidity for Ethereum-compatible chains, or Rust for Solana).
  2. The code is compiled to bytecode and deployed to the blockchain via a transaction.
  3. The deployed contract lives at an address and holds its own storage and (optionally) a balance of the native currency.
  4. Users and other contracts interact with it by sending transactions that call its functions. Each function call executes within a transaction that consumes gas.
  5. State changes are recorded on-chain and are irreversible.

Key properties

| Property | Implication |
| --- | --- |
| Immutability | Bugs cannot be patched in place. Upgradeability requires proxy patterns or migration to a new contract. |
| Determinism | No randomness, no network calls, no filesystem access. External data requires oracles. |
| Atomicity | A transaction either fully succeeds or fully reverts. Partial execution is impossible. |
| Gas metering | Every operation has a cost, preventing infinite loops and ensuring the network can price computation. |

Common patterns

  • ERC-20 tokens — fungible token standard.
  • Proxy / upgradeable contracts — separate storage from logic so the logic can be swapped.
  • Access control — restrict sensitive functions to specific addresses (owner, multisig, governance).
  • Reentrancy guards — prevent a called contract from calling back into the caller before the first invocation completes.
  • Flash loans — uncollateralised loans that must be repaid within a single transaction, leveraging atomicity.

For Solidity-specific implementation details and patterns, see the Solidity section.

Risks

  • Bugs and exploits — immutability means a vulnerability in a deployed contract can be exploited until funds are drained or the contract is paused (if it has a pause mechanism). Audits and formal verification reduce but do not eliminate this risk.
  • Governance attacks — contracts controlled by a single admin key or a small multisig can be rug-pulled. Look for timelocks, decentralised governance, and key management practices.
  • Composability risk — a contract that depends on another contract inherits its risks. A bug in a dependency can cascade.