Mcap -- BTC -- ETH -- SOL -- BNB -- XRP -- F&G -- View Market
Loading prices…

Smart Contract

A piece of code deployed to a blockchain that executes automatically according to its rules. The thing that turned Ethereum into a platform rather than just a currency.

Ethereum 5 min read

A smart contract is a program that lives on a blockchain. You deploy it once, and from then on anyone can interact with it by sending transactions that call its functions, and the blockchain’s nodes will execute those function calls and update the contract’s state according to the code. A smart contract has its own address, its own storage, and its own balance of the native token, and it can hold assets, enforce rules, and interact with other contracts without any intermediary having to approve or execute the operations. This is the primitive that turned Ethereum from “Bitcoin but more flexible” into a general-purpose platform for building financial applications, games, identity systems, governance mechanisms, and everything else that constitutes modern crypto.

The phrase “smart contract” predates Ethereum by about two decades — Nick Szabo used it in papers in the mid-1990s to describe the concept of agreements that would enforce themselves through code. Ethereum’s achievement was to build a system where this idea could actually be deployed at scale, in a reasonably expressive programming language (Solidity, Vyper, more recently Huff and Yul for optimisation), running in a replicated execution environment (the EVM) that thousands of nodes would verify simultaneously.

What Smart Contracts Actually Do

The use cases that have proven out are a specific subset of what was originally proposed, and the ones that work are the ones where the “self-enforcing rules” framing actually adds value.

DeFi protocols are the biggest category. Uniswap is a smart contract (several of them, actually) that holds token reserves, lets anyone swap against them, and distributes fees to liquidity providers. Aave and Compound are smart contracts that let users deposit collateral, borrow against it, and get liquidated if their position deteriorates, all without any human approval in the loop. Curve, MakerDAO, Morpho, and every other DeFi primitive you have heard of is, at its core, a smart contract (or a set of them) implementing a specific financial logic. These work because the logic is well-defined, the inputs are on-chain, and the value of having the rules enforce themselves without trusted intermediaries is directly measurable.

Token contracts are the other huge category. Every ERC-20 token, every ERC-721 NFT, and every stablecoin on Ethereum is a smart contract whose job is to track balances and enforce transfer rules. This is a more restricted use of the “smart contract” concept — most token contracts just map addresses to balances and implement a standard interface — but the cumulative value sitting in token contracts is enormous, and the infrastructure that lets users track, trade, and interact with those tokens depends on the contracts being there.

Governance and DAOs use smart contracts to enforce voting rules, execute proposals, and manage treasury funds. The contract takes in votes, tallies them according to the rules, and if a proposal passes, the contract is what actually executes the resulting action (transferring funds, upgrading another contract, changing parameters). This has mixed success — DAO governance is often more theatre than substance — but the underlying mechanism is solid, and some DAOs have used it to make real decisions at scale.

The Ways Smart Contracts Go Wrong

Every high-profile crypto disaster of the last eight years has involved smart contracts going wrong in one way or another. The failure modes cluster into a few categories.

Bugs in the code. Smart contracts are programs, and programs have bugs. The DAO exploit in 2016 used a reentrancy bug in a contract that held roughly $150 million worth of ETH, and the consequences of that bug are still being felt (it led directly to the Ethereum Classic split). Subsequent years produced a steady stream of protocol exploits that were all, at their root, code bugs: bZx, Harvest Finance, Cream, Wormhole, Ronin, Nomad, Euler, Multichain, the list goes on. Audits help but do not catch everything, formal verification is expensive and rarely applied, and bugs in smart contracts are often discoverable only after they are exploited.

Upgrade and admin key risks. Many smart contracts are “upgradable”, meaning the team can change the code after deployment. This is a practical necessity for fixing bugs but also a loophole: whoever controls the upgrade key can effectively rewrite the rules, including rules that govern user funds. Projects that advertise themselves as decentralised while retaining upgrade powers on admin keys are common, and the trust model is not always what users think it is. The website l2beat.com tracks this for L2s but the same critique applies to many DeFi protocols on L1.

Oracle manipulation. A smart contract that relies on an external price feed is only as reliable as that feed. Several exploits have manipulated the underlying oracle (either by attacking a DEX being used as a price source, or by corrupting the oracle directly) to trick a contract into allowing unauthorised actions. The oracle manipulation era peaked in 2020-2021 and has tailed off as better oracle practices spread, but it has not disappeared entirely.

Human-layer social engineering. Some of the biggest losses have come from signers being tricked into approving malicious transactions, which is technically the smart contract working correctly — the signature was valid, the contract executed the requested function — but the user had been tricked about what they were signing. The Bybit $1.5 billion hack in 2025 fits this pattern; the multisig itself was not compromised, the signers’ review process was.

What Smart Contracts Actually Are, in the End

A smart contract is a useful primitive for implementing rules that should apply to everyone without a trusted third party to enforce them, and they are not a good fit for rules that need human judgment, contextual interpretation, or off-chain integration. The gap between what smart contracts can enforce and what real-world contracts need to handle is one of the reasons the more ambitious “smart contracts will replace lawyers” narrative from the 2014-2016 era did not play out. What actually happened is that smart contracts became the implementation layer for a specific set of financial primitives where automated enforcement is a clear win, and that layer is now big enough to have produced real innovation — and real losses — on its own terms.

Ethereum (ETH) The second largest cryptocurrency and the dominant smart contract platform. Launched in 2015, home to most of DeFi, NFTs and the broader Web3 ecosystem. Read definition EVM (EVM) Ethereum Virtual Machine. The runtime that executes smart contract bytecode on Ethereum and every chain that wants to be compatible with Ethereum's tooling. Read definition DApp (DApp) Decentralised application. A program whose backend is a set of smart contracts on a blockchain rather than a company's servers. Read definition DeFi (DeFi) Decentralised finance. The ecosystem of financial protocols built as smart contracts on public blockchains, mostly Ethereum. Read definition ERC-20 The Ethereum token standard that lets any smart contract define a fungible token with a consistent interface. The technical reason most 'crypto' is not actually a coin. Read definition Gas The metering unit that measures how much computation a transaction uses on Ethereum. The word everyone uses to describe on-chain transaction fees. Read definition