A smart contract is a program stored on the blockchain that runs automatically when certain conditions are met. You write the rules in code, deploy them to the network, and the contract executes itself from that point forward. No lawyer reviews it. No bank approves it. No company can stop it.
This sounds simple. The implications are not. Smart contracts are the reason Ethereum exists as a separate project from Bitcoin. They are the foundation of every DeFi protocol, every NFT, every DAO, and most of what people mean when they say Web3. Understanding smart contracts means understanding why Ethereum became the second-largest blockchain in the world.
Who invented smart contracts: Nick Szabo and the vending machine
Nick Szabo, a computer scientist and legal scholar, proposed the concept in 1994. His definition was precise: a smart contract is a set of promises specified in digital form, including the protocols within which the parties perform on those promises. No lawyers. No courts. The code enforces the agreement.
Szabo used a vending machine as his model. You insert the correct amount of money, select your item, and the machine delivers it. No cashier is involved. No trust is required between you and the machine owner. The mechanism itself enforces the transaction. A smart contract works exactly the same way, except the vending machine is code on a blockchain and the product can be anything from a digital token to a loan to the title of a house.
Szabo called these agreements “God Protocols” in a 1997 paper. The idea was that a trusted third party, a bank, a government, a notary, could be replaced by a mathematical protocol that all parties could verify independently. He had the concept right but lacked the infrastructure to build it. That infrastructure arrived 21 years later, when Vitalik Buterin published the Ethereum white paper in 2013.
Buterin saw that the Bitcoin blockchain was the right foundation, but the Bitcoin scripting language was too limited to run general-purpose programs. To learn more about that decision and the people who built Ethereum, read the full account of who created Ethereum.
How smart contracts work on Ethereum
A smart contract on Ethereum goes through four stages: writing, compiling, deploying, and executing. Each stage is distinct, and understanding the sequence explains both the power and the limitations of the technology.
Writing the code: Solidity
Most Ethereum smart contracts are written in Solidity, a programming language created specifically for the Ethereum Virtual Machine. Gavin Wood, one of the Ethereum co-founders, led its design. Solidity looks similar to JavaScript and was built to make common contract patterns easy to write: holding funds in escrow, issuing tokens, running auctions, managing access permissions.
Vyper is a second option. It was designed to be simpler and more auditable than Solidity. Vyper deliberately limits some programming features to reduce the surface area for bugs. Many security-focused developers prefer it for contracts that handle large amounts of money.
Deploying to the blockchain
Before a contract can be deployed, it must be compiled into bytecode, the low-level instruction set that the Ethereum Virtual Machine understands. Deploying a contract is itself a transaction on the Ethereum network. You pay gas. The transaction is included in a block. The contract receives a permanent address on the blockchain.
From that moment, the contract exists at that address forever. It has its own balance. It can receive and send ETH. It can store data. And it runs exactly the code that was compiled and deployed, with no possibility of modification by the original author.
Execution: the EVM runs the code
When a user sends a transaction to a smart contract address, the Ethereum Virtual Machine executes the contract bytecode on every full node in the network simultaneously. Every node must arrive at the same result. This is determinism in practice: the same input always produces the same output, regardless of which machine runs it.
Each operation costs gas. Reading from storage costs 100 gas. Writing to storage costs 20,000 gas. This pricing reflects the real burden that computation places on every node running the EVM. Gas prevents contracts from running infinite loops and stops anyone from clogging the network with cheap spam. To understand how gas fees work in detail, read the guide on how Ethereum works.
The if/when…then logic
Every smart contract operates on a simple principle: if a condition is met, then execute an action. The conditions and actions can be arbitrarily complex, but the underlying structure is always the same.
A basic example: if the buyer sends 1 ETH to this contract address, then transfer the NFT from the seller wallet to the buyer wallet. The contract checks the condition, verifies it is true, and automatically enforces the transfer. Neither party needs to trust the other. Neither needs to trust an intermediary. The contract code is the intermediary, and the code is public.
What makes a smart contract different from regular code
Any developer can write code that runs automatically when conditions are met. What makes a smart contract different is where it runs and what that means for the people using it.
Immutability: the code cannot be changed
Once deployed to the network, a standard smart contract cannot be altered. No developer can push an update. No company can modify the terms. The rules written at deployment are the rules forever. This means users can verify exactly what a contract will do before they interact with it, and they can be certain that the rules will not change after they commit funds.
Some developers build upgrade mechanisms into contracts that allow limited modifications through proxy patterns. These introduce a degree of trust back into the system, because someone with admin keys can make changes. Most serious DeFi protocols document their upgrade capabilities clearly, and some have locked their contracts permanently to remove that risk entirely.
Transparency: anyone can read the contract
Every smart contract deployed on Ethereum is publicly readable. Anyone can look at the bytecode. If the developer verified and published the source code on Etherscan, anyone can read the original Solidity. This is fundamentally different from traditional financial agreements, which are private documents between parties. The contract terms are open to the entire world, before and after you interact with it.
Transparency cuts both ways. Users can verify what a contract does before trusting it with money. But attackers can also study the code looking for weaknesses. This is why smart contract audits matter. Independent security firms review contract code before deployment and publish their findings. A major DeFi protocol without an audit is a serious red flag.
Trustlessness: no middleman needed
The word trustless in this context does not mean you trust nobody. It means you do not need to trust any specific person or company. You trust the code, which is public and verifiable. You trust the Ethereum blockchain, which has run without a base-layer failure since 2015.
This matters enormously in practice. When you swap tokens on Uniswap, you do not need to trust the company that built Uniswap. The swap is executed by a smart contract whose code is public. When you lend on Compound, you do not trust a loan officer to process your application. The contract checks your collateral and issues the loan automatically. The same logic applies to every major DeFi protocol.
Real-world examples you have already used
Abstract descriptions of smart contracts can be misleading. Concrete examples make the technology immediate. These are some of the most widely used smart contract applications on Ethereum today.
Uniswap: trading without an exchange
Uniswap is a decentralized exchange built entirely on smart contracts. There is no order book. There is no matching engine run by a company. There is no withdrawal process. Instead, a set of smart contracts holds pools of token pairs. When you want to swap ETH for USDC, you send ETH to the pool contract. The contract calculates the exchange rate based on the ratio of assets in the pool, deducts a small fee, and sends you USDC. The entire swap happens in one transaction, in under 15 seconds, with no account required.
Uniswap processes billions of dollars in volume every week. The team that built it cannot stop a swap from happening. They cannot freeze your funds. The contracts run independently of any company decision.
Compound: borrowing without a bank
Compound is a lending protocol. Smart contracts hold pools of assets supplied by lenders. Borrowers lock collateral into a contract and receive a loan automatically. The interest rate adjusts algorithmically based on how much of each pool is currently borrowed. No credit check. No application. No human decision-maker.
If a borrower’s collateral falls below the required ratio, a liquidation contract automatically sells enough collateral to cover the loan. This happens without human intervention, at any hour, on any day. The contract handles enforcement that a bank would handle through a collections department.
OpenSea and NFT ownership
When you buy an NFT on OpenSea, a smart contract transfers ownership. The contract verifies that you sent the correct amount, updates the token ownership record on the blockchain, and sends the payment to the seller. The marketplace facilitates the listing, but the actual transfer of ownership is executed by an ERC-721 smart contract on Ethereum. Your ownership is recorded on the public blockchain, not in the OpenSea database.
This matters because if OpenSea shut down tomorrow, you would still own your NFT. The record lives on the blockchain, not on company servers.
Stablecoins like USDC
USDC is a dollar-pegged stablecoin managed partly by smart contracts. The ERC-20 smart contract that governs USDC controls how tokens are minted, transferred, and burned. Every USDC transfer you make, whether sending to a friend or depositing into a DeFi protocol, is executed by that contract. The contract enforces the rules of the token: supply caps, transfer mechanics, and operator permissions.
Understanding what ETH is and how it differs from tokens like USDC helps clarify why Ethereum needs both a native currency and a programmable contract layer.
Real estate and supply chain
Smart contracts are being tested in real estate as a replacement for escrow services. A contract can hold a buyer’s deposit, verify that title documents have been submitted on-chain, and release payment to the seller automatically once all conditions are confirmed. The process that currently requires a title company, a notary, and several weeks of coordination can, in theory, close in hours.
In supply chain management, companies like IBM have piloted smart contracts to automate payment between suppliers and manufacturers. When a shipment is confirmed as delivered at a checkpoint, the contract releases payment without waiting for manual invoice processing. Each step in the chain is recorded on the blockchain, creating an audit trail that all parties can verify independently.
What smart contracts cannot do: the oracle problem
Smart contracts have a fundamental limitation. They can only read data that exists on the blockchain. They have no access to the outside world on their own. A contract cannot look up the current price of oil. It cannot check whether a flight arrived on time. It cannot verify who won a football match.
This is called the oracle problem. If a smart contract needs real-world data, something outside the blockchain must provide it. That something is called an oracle. An oracle is a service that feeds external data into a smart contract in a way that other contracts can use.
Chainlink is the most widely used oracle network. It runs a decentralized network of data providers that fetch real-world information and publish it on-chain. DeFi protocols use Chainlink price feeds to determine when loans should be liquidated. Insurance protocols use weather data feeds to pay out claims automatically. Prediction markets use sports and election results.
The oracle problem does not make smart contracts less useful. It defines their boundary clearly. On-chain logic they handle with no trust required. Off-chain data they depend on the honesty and reliability of whatever oracle supplies it. Choosing a trustworthy oracle is as important as writing trustworthy contract code.
The risks: what happens when a smart contract has a bug
Immutability is a feature until it becomes a problem. A traditional software bug can be patched. A bug in a deployed smart contract is permanent. The code is exactly what was deployed, and if the code is wrong, there is nothing the developer can do about it after the fact.
The DAO hack of 2016
The most consequential smart contract bug in Ethereum history happened in June 2016. The DAO was a decentralized investment fund built on Ethereum. It had raised approximately $150 million worth of ETH through a crowdfund, making it one of the largest crowdfunding campaigns in history at the time.
An attacker found a reentrancy vulnerability in the DAO contract. The bug allowed the attacker to call the withdrawal function repeatedly before the contract updated its internal balance, draining funds in a loop. By the time the attack was noticed, approximately $60 million worth of ETH had been moved to a child contract under the attacker’s control.
Because the code was immutable, the Ethereum community could not simply patch the contract. The only way to recover the funds was to change the history of the blockchain itself: a hard fork that rewound the state to before the attack and returned the ETH to its original holders. Most of the community accepted the fork. A minority refused, arguing that code is law and the blockchain should not be altered regardless of the outcome. That minority continued running the original chain, which became Ethereum Classic.
Why bugs are so serious
The DAO hack established the standard for smart contract security. A bug in a contract holding user funds is not a software defect with an update coming. It is a permanent vulnerability that anyone in the world can exploit until the funds are gone.
Since 2016, smart contract security has become an industry. Firms like Trail of Bits, OpenZeppelin, Certik, and Consensys Diligence audit contract code before deployment. Common vulnerability patterns, including reentrancy, integer overflow, and access control errors, are documented in public registries. Formal verification tools attempt to prove mathematically that a contract behaves as intended.
None of this makes smart contracts risk-free. High-profile exploits still happen every year. In 2022, the Ronin bridge lost $625 million. In 2021, Poly Network lost $600 million. The lesson is consistent: smart contracts holding significant value need rigorous auditing, and users should treat unaudited contracts with caution regardless of the promises attached.
Composability: smart contracts that call each other
One of the less-discussed but most powerful properties of Ethereum smart contracts is composability. A smart contract can call another smart contract. This means developers can build on top of existing protocols without rebuilding everything from scratch.
A yield aggregator like Yearn Finance calls lending contracts on Compound and Aave, borrowing contracts on Maker, and trading contracts on Uniswap, all in a single automated strategy. The developer did not build a lending market, an exchange, or a stablecoin system. They built logic that uses existing protocols. Each individual protocol can be audited separately. The combination produces something more complex than any single contract could achieve alone.
This composability is why people describe the Ethereum DeFi ecosystem as money legos. Each protocol is a building block. Combining them creates financial products that did not exist before and could not exist in traditional finance without layers of legal agreements between institutions.
Smart contracts beyond Ethereum
Ethereum is the dominant smart contract platform, but it is not the only one. Solana supports smart contracts through a program model with faster execution and lower fees at the base layer. BNB Smart Chain uses a version of the EVM and runs Solidity contracts directly. Avalanche, Polygon, and Arbitrum are EVM-compatible chains where most Ethereum contracts can be deployed without code changes.
Cardano uses a smart contract system based on a different programming model called Plutus, which is more restrictive by design. Polkadot allows smart contracts to run across connected chains through its parachain architecture.
The key observation is that EVM compatibility has become the default standard. Most new chains adopt it because it means developers can port existing code and tools with minimal effort. Ethereum set the standard not just by being first, but by building an ecosystem deep enough that everyone else found it easier to be compatible than to compete from scratch.
FAQ
What are smart contracts in simple terms?
A smart contract is a program stored on the blockchain that runs automatically when certain conditions are met. You set the rules in code, deploy the contract, and it executes on its own from that point forward. Nobody can stop it, change it, or interfere with it after deployment.
Who invented smart contracts?
Nick Szabo, a computer scientist and legal scholar, proposed the concept in 1994. He described a smart contract as a set of promises specified in digital form, including protocols within which the parties perform on those promises. Szabo used a vending machine as his model: insert the correct input, receive the correct output, with no human needed in between.
What language are Ethereum smart contracts written in?
Most Ethereum smart contracts are written in Solidity, a programming language created specifically for the Ethereum Virtual Machine. Vyper is a second option, designed to be simpler and more auditable than Solidity. Both languages compile down to bytecode that the EVM executes.
Can a smart contract be changed after deployment?
A standard smart contract cannot be changed after it is deployed to the blockchain. The code is immutable. Some developers build upgrade mechanisms into contracts to allow limited changes, but the core logic of a basic smart contract is permanent. This is both a strength (nobody can alter the rules) and a risk (bugs cannot be patched without a workaround).
What is the oracle problem in smart contracts?
Smart contracts can only read data that exists on the blockchain. They cannot access external information on their own, such as the current price of oil, the result of a sports match, or whether a flight arrived on time. The oracle problem is the challenge of getting real-world data into a smart contract in a trustworthy way. Chainlink is the most widely used oracle network that solves this.
