Smart Contract
A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when conditions are met.
Key Takeaways
- A smart contract is code deployed on a blockchain that executes automatically when predefined conditions are triggered, removing the need for intermediaries. Nick Szabo coined the term in 1994, comparing them to vending machines that enforce transaction rules mechanically.
- Ethereum's EVM is the most widely deployed smart contract platform, powering decentralized exchanges, lending protocols, and token issuance. Bitcoin Script takes a deliberately limited approach, enabling timelocks, multisig, and hash locks without Turing completeness.
- Bitcoin's smart contract capabilities are expanding through Taproot, RGB Protocol, and discreet log contracts, while Spark uses FROST threshold signatures to keep its protocol simple, auditable, and secure.
What Is a Smart Contract?
A smart contract is a self-executing program stored on a blockchain that automatically enforces the terms of an agreement when specified conditions are met. Once deployed, the contract runs exactly as programmed: no party can alter it, and no intermediary is needed to verify or enforce the outcome.
The concept was first described by computer scientist Nick Szabo in 1994. Szabo defined a smart contract as "a computerized transaction protocol that executes the terms of a contract," and used the analogy of a vending machine: you insert the correct amount, the machine dispenses the product, and no human middleman is involved. He expanded on the idea in his 1996 paper "Smart Contracts: Building Blocks for Digital Free Markets," outlining how cryptographic protocols could enforce contractual conditions automatically.
Szabo's vision remained largely theoretical until Ethereum launched in July 2015, providing the first widely adopted platform for deploying arbitrary smart contract logic on-chain. Today, smart contracts underpin decentralized autonomous organizations, automated market makers, NFTs, and the broader DeFi ecosystem.
How It Works
Smart contracts follow a straightforward lifecycle: write, deploy, and execute. The specifics vary by blockchain, but the core process is consistent.
- A developer writes contract logic in a high-level language (Solidity for Ethereum, Clarity for Stacks, or Bitcoin Script for Bitcoin)
- The code is compiled into bytecode and submitted to the network in a transaction
- Validators include the contract in a block, assigning it a unique on-chain address
- Users interact with the contract by sending transactions to that address with the appropriate parameters
- When conditions encoded in the contract are satisfied, the contract executes automatically and updates blockchain state
Because every node in the network validates the execution, smart contracts inherit the security and immutability of the underlying blockchain. No single party can tamper with the outcome.
Ethereum's EVM
The Ethereum Virtual Machine (EVM) is the most widely deployed smart contract runtime. Developers write contracts in Solidity, which compiles to EVM bytecode. The EVM uses a stack-based architecture with a 256-bit word size, enabling native hashing and elliptic curve operations.
Because the EVM is Turing-complete (it supports loops and arbitrary computation), it requires a gas fee mechanism to prevent infinite execution. Each operation consumes a specified amount of gas, and transactions that exceed their gas limit revert. This design tradeoff enables rich programmability at the cost of execution complexity and potential attack surface.
Ethereum's smart contract ecosystem has grown substantially. In Q4 2025, a record 8.7 million contracts were deployed in a single quarter. As of early 2026, DeFi protocols on Ethereum hold approximately $70 billion in total value locked, representing roughly 68% of multichain DeFi TVL.
// Solidity: simple token transfer contract
pragma solidity ^0.8.0;
contract SimpleEscrow {
address public buyer;
address public seller;
uint256 public amount;
bool public released;
constructor(address _seller) payable {
buyer = msg.sender;
seller = _seller;
amount = msg.value;
}
function release() external {
require(msg.sender == buyer, "Only buyer");
require(!released, "Already released");
released = true;
payable(seller).transfer(amount);
}
}Bitcoin Script
Bitcoin takes a fundamentally different approach. Bitcoin Script is a Forth-like, stack-based language that is intentionally not Turing-complete. It has no loops, no recursion, and no persistent state. Every script terminates in bounded, predictable time, which eliminates an entire class of denial-of-service attacks that plague Turing-complete systems.
Despite these constraints, Bitcoin Script enables powerful spending conditions:
- Timelocks via OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY for time-restricted spending
- Multisig via OP_CHECKMULTISIG for multi-party authorization
- Hash locks that form the basis of hash time-locked contracts, powering the Lightning Network and cross-chain atomic swaps
# Bitcoin Script: 2-of-3 multisig
OP_2
<pubkey_A>
<pubkey_B>
<pubkey_C>
OP_3
OP_CHECKMULTISIGFor a deeper comparison of Bitcoin's scripting capabilities and Ethereum's programmability, see the Bitcoin Script programmability research article.
Expanding Bitcoin's Capabilities
Several innovations are extending what Bitcoin can do without sacrificing its security model:
- Taproot (activated November 2021 at block 709,632): introduces Pay-to-Taproot outputs, Schnorr signatures, and MAST (Merkelized Alternative Script Trees). Complex spending conditions are compressed into a Merkle tree where only the exercised branch is revealed on-chain, improving privacy and efficiency. See the Taproot and Schnorr signatures deep dive for details.
- RGB Protocol: uses client-side validation to keep smart contract data off the Bitcoin blockchain entirely. Contracts exist as standalone shards validated only by participants, with single-use seals over Bitcoin UTXOs ensuring state uniqueness. The RGB Protocol research article covers its architecture in depth.
- Discreet log contracts (DLCs): proposed by Tadge Dryja in 2017, DLCs enable two parties to settle bets or derivatives based on oracle-published outcomes. The on-chain footprint is indistinguishable from a regular multisig transaction. Read the DLC deep dive for more.
Use Cases
Token Issuance
Smart contracts standardize how digital assets are created and transferred. Ethereum's ERC-20 standard defines a common interface for fungible tokens (over 450,000 contracts deployed), while ERC-721 enables non-fungible tokens representing unique assets like artwork or in-game items. These token standards account for the vast majority of token transaction volume across EVM-compatible chains.
Decentralized Finance
DeFi protocols are smart contracts that replicate financial services without intermediaries. Decentralized exchanges use automated market makers to enable permissionless trading. Lending protocols automate collateralized borrowing. Flash loans allow unsecured borrowing and repayment within a single transaction. As of early 2026, the global DeFi market is valued at approximately $37 billion.
Escrow and Conditional Payments
Smart contracts naturally solve the escrow problem: funds are locked in the contract and released only when conditions are met. No trusted third party holds the money. This pattern applies to marketplace transactions, freelance payments, insurance claims, and any scenario requiring conditional fund release.
Governance
DAOs use smart contracts to encode organizational rules. Governance token holders vote on proposals, and approved actions execute automatically. Treasury management, parameter changes, and protocol upgrades can all be governed by code rather than by central authority.
Why It Matters for Bitcoin
Bitcoin's conservative scripting model prioritizes security and predictability over expressiveness. This is a deliberate design choice: every Bitcoin node must validate every transaction, so unbounded computation would create denial-of-service risks. But this constraint means Bitcoin alone cannot support the full range of DeFi applications.
Layer 2 protocols bridge this gap. Spark, for example, achieves instant self-custodial Bitcoin transfers without deploying arbitrary smart contracts on-chain. Instead, Spark uses FROST threshold signatures in a 2-of-2 signing model: the user holds one key and a distributed set of operators collectively holds the other via FROST. Neither party can move funds unilaterally, and users can always exit to Bitcoin L1 without operator permission.
This approach keeps the protocol simple and auditable. FROST produces standard Schnorr signatures, so Spark transactions that settle to L1 are indistinguishable from ordinary Taproot spends. On-chain observers cannot determine whether a threshold signature scheme was involved at all.
Risks and Considerations
Code Vulnerabilities
Smart contracts are immutable once deployed: bugs cannot be patched without deploying a new contract. The most infamous example is the 2016 DAO hack on Ethereum, where a reentrancy vulnerability allowed an attacker to drain 3.6 million ETH (approximately $60 million at the time). The attacker recursively called the withdraw function before balances were updated, siphoning funds repeatedly in a single transaction. This incident led to a controversial hard fork that split Ethereum into ETH and Ethereum Classic.
Other common vulnerability types include integer overflow, front-running (where attackers observe pending transactions and submit competing ones with higher fees), and oracle manipulation that feeds false price data into contract logic.
Bridge and Cross-Chain Risks
Smart contracts that bridge assets between chains have been frequent targets. The Ronin Bridge hack in March 2022 resulted in approximately $620 million in losses when attackers compromised private keys. The Wormhole Bridge exploit in February 2022 cost approximately $320 million. These incidents highlight that smart contract security extends beyond the code itself to include key management and operational security.
Complexity vs. Security
There is an inherent tension between expressiveness and security. Turing-complete systems like Ethereum's EVM enable powerful applications but introduce a large attack surface. Bitcoin's intentionally limited scripting model avoids these risks at the cost of flexibility. Protocols like Spark navigate this tradeoff by keeping cryptographic operations minimal and well-audited rather than supporting arbitrary programmable logic.
Regulatory Uncertainty
Smart contracts that handle financial assets may fall under securities, commodities, or money-transmission regulations depending on jurisdiction. The "code is law" principle does not override legal obligations, and developers of DeFi protocols face increasing regulatory scrutiny as smart contract adoption grows.
This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.