What Is a Smart Contract?
A smart contract is a small program that lives on a blockchain. It has its own address, holds its own balance, exposes public functions, and executes deterministically every time someone sends it a transaction.
The key property: no one can stop it, change it or override its rules once deployed (unless the developer explicitly added that ability — which is itself written in the code and visible to everyone).
A smart contract is basically a clause of a contract turned into runnable, public, automatic code.
How Do Smart Contracts Work?
- A developer writes the contract in a language like Solidity, Vyper or Move.
- The code is compiled to bytecode.
- A deploy transaction publishes the bytecode to the blockchain at a new address.
- Anyone can now call its public functions by sending a transaction.
- Every node in the network re-executes the function deterministically and updates state.
On Ethereum this happens inside the EVM (Ethereum Virtual Machine). Each operation costs gas, paid in ETH.
A Tiny Example
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
contract Tip {
address public owner;
uint256 public totalTips;
constructor() {
owner = msg.sender;
}
function tip() external payable {
require(msg.value > 0, "Pay something");
totalTips += msg.value;
}
function withdraw() external {
require(msg.sender == owner, "Not owner");
payable(owner).transfer(address(this).balance);
}
}That's a complete, working donation contract. Anyone in the world can send it ETH; only the deployer can withdraw. No backend, no database, no server bill.
What Smart Contracts Are Used For
| Category | Examples |
|---|---|
| Fungible tokens | USDC, UNI (ERC-20) |
| NFTs | CryptoPunks, Bored Apes (ERC-721) |
| DEXs / AMMs | Uniswap, Curve |
| Lending | Aave, Compound, Morpho |
| Stablecoins | DAI, FRAX, USDe |
| DAOs | Treasury, voting, payroll |
| Identity / ENS | Naming, attestations |
| On-chain games | Fully on-chain logic |
| Bridges | Cross-chain asset transfers |
Why Smart Contracts Matter
- They eliminate the trusted middleman. A loan contract doesn't need a bank to enforce it.
- They're global from day one. Anyone with internet and a wallet can use them.
- They compose like Lego. A DEX can call a lending protocol can call a yield aggregator — in a single atomic transaction.
- They're transparent. Anyone can audit the source code and on-chain behavior.
What Smart Contracts Are *Not* Good At
- Off-chain data. They can't fetch a web page or weather; they need oracles.
- Long-running computation. Gas costs make heavy logic expensive — move it off-chain when possible.
- Privacy. All state and inputs are public unless you use zk-tech.
- Mutability. "Just patch the bug" doesn't apply. Upgrades require deliberate, often risky, patterns.
The Main Security Risks
Most smart-contract losses come from a few recurring categories. Real engineering teams check for all of these:
- Reentrancy — a contract calls an external address that calls back into it before state updates.
- Access control —
onlyOwnermissing on critical functions. - Integer overflow / underflow — fixed since Solidity 0.8, but still bites custom math.
- Oracle manipulation — relying on spot prices from a single low-liquidity pool.
- Front-running / MEV — predictable transactions get sandwiched.
- Logic bugs in incentive design — code is correct, model is wrong (Iron Finance, Luna/UST).
- Upgradeability footguns — proxy patterns introduce new attack surfaces.
This is why serious protocols get multiple audits, run bug bounties, and time-lock admin actions.
Gas, Explained Simply
Every operation in a smart contract has a fixed gas cost. Your transaction pays:
total fee = gas used × (base fee + priority tip)- Gas used = work the EVM did (set by the code).
- Base fee = protocol-set, burned (EIP-1559).
- Priority tip = optional bribe to validators.
Layer 2 networks (rollups) execute the same EVM but post compressed data to Ethereum, cutting fees by 10–100×.
How to Write Your First Smart Contract
The fastest path:
- Open Remix IDE in a browser. No install.
- Paste the
Tipexample above. - Compile (left toolbar).
- Connect MetaMask to Sepolia testnet.
- Get test ETH from a faucet.
- Deploy.
- Call
tip()with 0.01 ETH from another wallet.
Total time: maybe 20 minutes. Total cost: $0.
Then read our deeper Solidity smart contracts guide.
Smart Contracts vs Regular Code
| Regular backend | Smart contract | |
|---|---|---|
| Hosting | Your server / cloud | Public blockchain |
| Deployment | CI/CD | One transaction |
| Cost | Per request | Pay-per-execution gas |
| Identity | Account / JWT | Cryptographic signature |
| Updates | Anytime | Hard / risky |
| Audit trail | Server logs | Full chain history |
| Failure mode | Server crash | Bug = funds at risk |
FAQ
Are smart contracts legally binding?
The code is enforced by the network. Whether that creates a legal contract depends on jurisdiction and intent.
Do smart contracts run on Bitcoin?
Bitcoin has limited scripting and L2s like Lightning and Stacks. For full smart contracts, Ethereum and EVM L2s are the dominant choice.
How much does it cost to deploy a smart contract?
Anywhere from a few cents on an L2 to several hundred dollars on Ethereum mainnet, depending on contract size and gas conditions.
Can a smart contract be hacked?
The chain can't, the contract can. Almost every DeFi exploit is a contract bug, not a blockchain bug.
Learn It Properly
Smart contracts make far more sense once you understand what a blockchain is in the first place. Take Bitcoin 101 and Bitcoin Proof of Work to build the base, then move to our Solidity smart contracts guide and the full course catalog.