Skip to main content
DigitalFinances

Glossary · Crypto basics

What is Smart contract?

A program stored on a blockchain that executes automatically when called. Once deployed, the rules are public and the code runs without intermediaries — for better and worse.

Last updated April 30, 2026

How it works

A smart contract is just code — typically Solidity on Ethereum or Rust on Solana — deployed to a blockchain at a permanent address. Once deployed, anyone can interact with it by sending a transaction that calls one of its functions. Validators run the code, update the contract's stored state, and record the result in the next block.

Two properties make smart contracts powerful:

  1. Public and verifiable. The bytecode is on-chain. Anyone can read it, and audited contracts ship with their human-readable Solidity for verification.
  2. Trust-minimized. No one — including the developer — can intervene mid-execution. A swap fills, a loan liquidates, a vesting schedule unlocks, all on schedule, without anyone "approving" it.

Example

Uniswap V2 is a single smart contract deployed at 0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f. Anyone can:

  1. Call swap() to trade tokens against the pool's liquidity
  2. Call addLiquidity() to deposit a token pair and earn fees
  3. Read getReserves() to see the current pool balance

Uniswap Labs (the company) deployed the contract and built a frontend, but they don't hold custody of any funds. The contract holds them. If Uniswap Labs went out of business tomorrow, the contract would keep working as long as Ethereum keeps producing blocks.

Why it matters

Smart contracts are the engine behind every DeFi primitive: lending markets (Aave, Compound), DEXs (Uniswap, Curve), liquid staking (Lido), perps (GMX, dYdX), stablecoins (DAI), governance (DAOs). They also power NFT collections, on-chain games, and prediction markets.

The flip side of the trust-minimized model is that bugs are catastrophic. A vulnerability in deployed code can drain millions of dollars before anyone notices, and there's typically no rollback. The Ronin Bridge ($625M, 2022), Wormhole Bridge ($320M, 2022), and Euler Finance ($197M, 2023) exploits all hit smart-contract vulnerabilities. The fix is auditing before deployment, time-locked admin controls, bug bounties, and (controversially) sometimes upgradeable contracts that can be patched at the cost of some trust assumptions.

When interacting with a contract, the fundamental due-diligence questions are: who deployed it, has it been audited (and by whom), how long has it held funds without incident, and does the team have admin keys that could drain it? Reading the deployment address on Etherscan and checking it against the project's official documentation is the minimum bar.

Related terms

BlockchainDecentralized exchange (DEX)Automated market maker (AMM)Gas feesRug pull

Read more