Glossary · Crypto
Smart Contract
A computer program running autonomously on a blockchain that enforces predefined logic — the technical foundation of DeFi, stablecoins, NFTs and decentralised organisations.
Self-executing code on the blockchain
A smart contract is a computer program running on a blockchain that automatically executes predefined logic once certain conditions are met. Unlike a classic contract it needs no notary, no court and no human intermediary — enforcement is delivered by the protocol itself. The term was coined as far back as 1994 by cryptographer Nick Szabo; it only became technically realisable with Ethereum from 2015.
Smart contracts are the technical foundation of virtually the entire ecosystem of decentralised applications: DeFi protocols (Uniswap, Aave, Compound), stablecoins, NFT standards (ERC-721, ERC-1155), DAOs and all modern layer-2 solutions rely on smart contracts on Ethereum or other smart-contract chains (Solana, Cardano, Avalanche, BNB Chain).
Technical foundations
On Ethereum, smart contracts are most often written in the Solidity programming language and compiled into bytecode that runs on the Ethereum Virtual Machine (EVM). Each contract receives a unique address and can be "called" by users or other contracts via transactions. Execution consumes gas — a unit of computation whose price is paid as a gas fee and compensates miners or validators for running it.
Once deployed, smart contracts are generally immutable — the code lives forever in the protocol. Fixes require either preplanned upgrade mechanisms (proxy patterns) or deployment of a new contract version with user migration. This "code is law" property is both strength (tamper-resistance) and weakness (bugs cannot simply be patched).
Risks and audits
The history of smart contracts is also a history of spectacular security failures: the DAO hack of 2016 (USD 60 million lost), Parity Wallet 2017 (USD 300 million frozen), Ronin Bridge 2022 (USD 625 million taken by North Korea's Lazarus Group), Poly Network 2021 (USD 610 million) and countless smaller DeFi hacks have shown that smart contracts can be mathematically precise yet economically vulnerable.
Professional projects therefore have their code reviewed by specialised audit firms such as OpenZeppelin, Trail of Bits, ConsenSys Diligence or CertiK — typical fees range from USD 50,000 to USD 500,000 per audit. Even the best audit, however, delivers no absolute guarantee.
Legal classification in the EU
The MiCA Regulation explicitly recognises smart contracts in Article 30: crypto-asset service providers must operate "robust IT security protocols" and are liable for the proper functioning of the smart contracts they deploy. A pure-code contract without an identifiable provider (a fully decentralised DEX protocol, for instance) currently sits in a regulatory grey zone under ESMA's reading.
Under Austrian and German civil law, smart contracts are still treated as digital declarations of intent — the smart contract implements an agreement but is not itself the "contract" in the legal sense. Someone harmed by a bug can in theory bring a civil claim, but in practice has trouble identifying a liable provider.
What investors often ask
Can I inspect a smart contract myself? Yes — for verified contracts the source code is viewable on block explorers such as Etherscan. For unverified contracts only the bytecode is visible, which makes risk assessment harder.