What Is Smart Contract in Crypto?

A smart contract is code deployed to a blockchain that runs when invoked and whose execution is guaranteed by the network's consensus. Every function call is a transaction; every state change is recorded on-chain. Uniswap's pool contracts, Aave's lending contracts, and the ERC-20 token standard are all smart contracts — and collectively they're what makes DeFi possible.

Also known as: crypto smart contract, onchain contract

Ask Stingray anything about Smart Contract

How smart contracts work

A smart contract on Ethereum (and similar EVM chains):

  1. The developer writes the logic in Solidity or Vyper, compiles to EVM bytecode.
  2. They deploy it via a transaction — the contract is now a permanent address on the blockchain.
  3. Anyone can call the contract’s public functions by sending a transaction.
  4. Validators execute the code deterministically; every node reaches the same final state.
  5. State changes (balances, mappings, storage variables) persist on-chain, with full history.

Unlike a regular database, the code is immutable once deployed (modulo upgrade patterns built into the contract itself), and execution is trustless — you don’t need to trust the deployer to run the code as written because every validator runs the same logic.

Common smart-contract patterns

  • Token contracts (ERC-20, ERC-721 NFTs, ERC-1155) — track ownership and transfers.
  • AMM pools — hold reserves and price trades via the constant-product formula.
  • Lending protocols — accept collateral, issue loans, enforce LTV and liquidation logic.
  • Multisig wallets — require N-of-M signatures for transactions.
  • DAOs — voting, proposal execution, treasury management.
  • Bridges — lock/mint, verify external proofs.

The composability property is the real magic: a contract can call another contract’s functions, which can call more contracts, all in a single atomic transaction. Yearn vaults depositing into Curve pools that route through Uniswap and compound into Aave — every DeFi user invokes 5-10 contracts per action.

Risks and considerations

Smart-contract bugs are the dominant attack surface in DeFi. The “code is law” ideal collides with the reality that code has bugs. Notable classes:

  • Re-entrancy — the infamous The DAO exploit (2016), which drained $60M and caused Ethereum’s hard fork.
  • Integer overflow — fixed by Solidity 0.8+ built-in checks, but pre-0.8 contracts still run in production.
  • Oracle manipulation — using a flash loan to push a price feed off-market, then exploiting the contract that depends on that feed.
  • Access control bugs — admin functions callable by anyone, initialization functions re-entrant across deploys.
  • Governance exploits — accumulating enough governance tokens to pass malicious proposals.

Professional audits from firms like Trail of Bits, OpenZeppelin, Spearbit, and Code4rena reduce but don’t eliminate risk. Protocols with long deployment history (Uniswap V2 from 2020, MakerDAO) have been battle-tested; newer forks, even of well-audited code, can carry subtle bugs in the modifications.

For users, the practical advice: prefer protocols with multi-year deployment histories and open-source, audited contracts. Never deploy significant capital to a protocol in its first month. Watch for admin-key centralization — who controls upgrades, and can they drain the contract?

Related terms

Blockchain A blockchain is an append-only database maintained by a distributed network of computers (nodes) that agree on its contents via a consensus mechanism. Gas Fee A gas fee is the payment a user makes to have a transaction included in a blockchain block. Validator A validator is a participant in a proof-of-stake blockchain who locks tokens as collateral and is then eligible to propose or attest to new blocks. Oracle An oracle is a service that brings off-chain data (prices, weather, election results, API responses) onto a blockchain so smart contracts can act on it.