So far Ethereum has looked a lot like Bitcoin wearing a fancier hat: accounts, balances, transactions, a fee called gas. This is the lesson where it stops being “Bitcoin with extra steps.” A smart contract — a program that lives on the chain and runs by itself — is the thing that turns Ethereum from a payment ledger into a global computer that anyone can deploy code to.
And almost everything you’ve heard about — stablecoins, NFTs, DeFi, governance tokens — is just smart contracts doing bookkeeping. Let’s demystify the whole stack.
A Smart Contract Is Code at an Address
Before we explain it — what do you think a smart contract fundamentally is?
A smart contract is a program that has been deployed to its own account on Ethereum. Recall from earlier that there are two kinds of accounts: ones controlled by a private key (your wallet), and ones controlled by code. A smart contract is the second kind. It has its own address, it has code (the rules it follows), and it has storage (its own persistent memory — the data it keeps between uses, like balances or settings).
Two words you’ll see constantly:
- Deploy — the one-time transaction that creates the contract, uploading its code to a fresh address. After that, the code is fixed.
- Call — invoking one of the contract’s functions (its named operations). A call can be a read (free, just looks at storage) or a transaction (costs gas, changes storage).
The cleanest analogy is a vending machine. You don’t negotiate with it, you don’t trust a clerk, and you can’t sweet-talk it into a free soda. You put in the correct input (coins + button), and the machine guarantees the output (your drink). The logic is sealed inside the box, visible through the glass, and runs the same way for everyone. A smart contract is a vending machine for digital value: send the right input, get the guaranteed output, no human in the loop.
Fill in the blanks.
Pick the right option for each blank, then check.
A smart contract is deployed to its own , and you make it run by performing a .
Because the code is public, anyone can read exactly what a contract will do before using it. And because it runs on every node identically, no single party can quietly change the rules mid-game.
Deterministic, Trustless, and Unstoppable — and Permanent Bugs
The vending-machine property has a glorious upside:
- Trustless — you don’t need to trust a counterparty (the other side of the deal). The code enforces the deal for both of you. No escrow agent skimming a fee, no “the check is in the mail.”
- Always on — a contract runs 24/7, holidays included, as long as Ethereum exists. No business hours, no “our servers are down.”
- Censorship-resistant — no company can flip a switch and ban you from calling a public function.
But “runs exactly as written, forever” cuts the other way too. If the code has a bug, that bug is also permanent and also runs exactly as written. There’s no manager to call, no “undo,” no fraud department. The slogan “code is law” sounds empowering until your law has a typo.
The history of Ethereum is dotted with contracts that did precisely what their (flawed) code said. A classic family of bugs is reentrancy, where a contract pays out before updating its own books, letting an attacker call back in and drain it repeatedly — the mechanism behind The DAO incident in Ethereum’s early days. The lesson isn’t “blockchains are broken”; it’s “immutable code raises the stakes on getting it right the first time.”
You don’t edit the deployed code — you architect around immutability. The common pattern is a proxy (upgradeable) contract: a thin, permanent front-door contract holds the address of a separate “logic” contract and forwards calls to it. To ship a fix, you deploy new logic and point the proxy at it — the address users interact with never changes. The other option is migration: deploy a fresh contract and move users/state over. Both cost real effort and add their own risks (a malicious upgrade is a real threat), which is why audits and immutability are taken so seriously.
A team deploys a lending contract with a subtle bug. Two days later it's exploited. What does 'code is law' imply here?
Tokens: Why They’re Just Bookkeeping
Here’s the single most important mental model in this lesson, and the one almost every beginner gets wrong.
A token is not a coin that flies around the chain. There are no little token objects zipping from wallet to wallet. A token is just a row in a table inside one contract. The contract keeps a mapping — think of it as a spreadsheet — of address => balance: who owns how much. Your “1,000 USDC” is literally a number stored next to your address in the USDC contract’s storage.
A transfer is therefore not a delivery. It’s an edit to the spreadsheet: the contract decrements the sender’s row and increments the receiver’s row by the same amount. Nothing moves; two numbers change. And because the contract only ever shifts value between rows, the total supply (the sum of all balances) stays exactly the same.
Play with it. Send some tokens between holders below and watch the total supply refuse to budge:
| Holder | Balance |
|---|---|
| Alice | 600 DEMO |
| Bob | 300 DEMO |
| Carol | 100 DEMO |
Total supply unchanged — only two rows moved
A token = a mapping(address => balance) inside one contract. A transfer just decrements one row and increments another — the total supply is conserved.
That conservation property is the whole reason a transfer can’t create or destroy money: the only thing the transfer function is allowed to do is move value between existing rows.
Your friend says 'when I send you a token, the token leaves my wallet and travels to yours across the network.' What's the accurate correction?
ERC-20: The Fungible-Token Standard
Most tokens — stablecoins, governance tokens, exchange tokens — are fungible. Fungible means every unit is identical and interchangeable, exactly like dollars: your $5 bill and my $5 bill are perfectly swappable; nobody cares which one they hold. One unit of a fungible token is worth and behaves like any other unit.
To make all these tokens work together, Ethereum has ERC-20, a standard. A standard (or interface) is just an agreed set of functions and events that a contract promises to implement. ERC-20 doesn’t dictate how a token works inside — it dictates the shape of the plug. As long as a token implements the ERC-20 functions, every wallet, exchange, and contract knows how to talk to it without custom code.
The analogy is USB: nobody coordinates with your keyboard’s manufacturer. Everyone agreed on the plug shape, so any USB device works in any USB port. ERC-20 is the USB port of money — agree on the interface once, and thousands of tokens interoperate for free.
The core ERC-20 functions:
| Function | What it does |
|---|---|
totalSupply | Returns the total number of tokens in existence (the sum of all rows). |
balanceOf | Returns how many tokens a given address owns (reads one row). |
transfer | Moves tokens from your balance to someone else’s (edits two rows). |
approve | Grants another address permission to spend up to some amount of your tokens. |
allowance | Returns how much an approved spender is still allowed to spend on your behalf. |
transferFrom | Lets an approved spender move tokens from your balance (within their allowance). |
The pair to understand is approve / allowance. Sometimes you want a contract (say, a decentralized exchange) to pull tokens out of your balance when you trade. You can’t hand it your private key, so instead you call approve to set an allowance — a spending limit it can use via transferFrom. Handy, but here’s the trap: many apps ask for an unlimited approval (a max allowance) to save you repeat transactions. If that contract is later compromised, the attacker can drain everything you approved. Approving only what you need, and revoking stale approvals, is basic hygiene.
Match each term to its meaning.
Pick a term, then click its definition.
ERC-721: Non-Fungible Tokens (NFTs)
Now flip the property. Non-fungible means each token has a unique ID and is not interchangeable. A $5 bill is fungible; a numbered concert ticket or a property deed is not — seat 3A is not seat 22F, and you very much care which one you hold.
ERC-721 is the standard for these NFTs (non-fungible tokens). Instead of a address => balance table, the core mapping is tokenId => owner: each unique tokenId points to exactly one owner address. balanceOf here counts how many distinct items you own, not a quantity of one fungible thing.
A crucial nuance: the interesting part of an NFT — the image, the JSON description, the traits — usually lives off-chain. Off-chain means stored outside Ethereum, typically on IPFS (a content-addressed file network) or a plain web URL. The contract just stores a pointer (a token URI) to that data. So when people say “I own the NFT,” what they own on-chain is the tokenId and a pointer to the artwork — not the pixels themselves. If the off-chain file disappears, the pointer can dangle. “You own a receipt that points at the art” is the honest framing.
| ERC-20 (fungible) | ERC-721 (non-fungible) | |
|---|---|---|
| Interchangeable? | Yes — every unit is identical | No — each item is unique |
| Core mapping | address => balance (an amount) | tokenId => owner (a unique id) |
| You hold | A quantity of one thing | Specific, individual items |
| Typical use | Currencies, stablecoins, governance | Art, collectibles, tickets, deeds |
There’s also ERC-1155 (the multi-token standard), which lets one contract manage both fungible and non-fungible tokens at once — handy for game items where you might have 500 identical potions and 1 unique sword.
Sort each example by what kind of token best models it.
Place each item in the right group.
- A governance token (1 vote = 1 token)
- A property deed
- Plain ETH-pegged reward points
- A one-of-a-kind digital artwork
- A dollar-pegged stablecoin
- A numbered concert ticket
Why Standards Matter
Standards are the quiet superpower of Ethereum. Because ERC-20 fixes the interface, a brand-new token works instantly in every existing wallet and decentralized exchange (DEX) — the day it deploys, no integration required. The exchange wrote its code against the standard, not against your specific token.
This unlocks composability, often called “money legos.” Each compliant contract is a brick with standard studs on top: a lending app can accept any ERC-20, a DEX can trade any ERC-20, and a third app can stack on both — without any of them having met. Interoperability and composability are why Ethereum became a developer ecosystem instead of a pile of incompatible one-off projects.
A startup launches a new ERC-20 token on Monday. Why can a major DEX list and trade it almost immediately?
The Big Picture
Big picture
Contracts & tokens
- Contracts & tokens
- Smart contract = code at an address
- Has code + storage
- Deploy once, then call functions
- Public & deterministic
- Trade-offs
- Trustless, 24/7, censorship-resistant
- Bugs are permanent (code is law)
- Upgrade via proxy / migration
- ERC-20 = fungible
- mapping(address => balance)
- transfer / approve / allowance
- ERC-721 = NFTs
- mapping(tokenId => owner)
- Metadata often off-chain
- Standards = interoperability
- Composability / money legos
- Smart contract = code at an address
Which best describes a smart contract?
Check your answer to continue.
Key Takeaways
What to remember
- A smart contract is code deployed to its own address, with storage, that runs deterministically when you call its functions — a vending machine for digital value.
- Contracts are trustless, always-on, and censorship-resistant — but bugs are permanent. “Code is law” cuts both ways; fixes ship via upgradeable/proxy patterns or migrations, not edits.
- A token is bookkeeping, not a coin: a row in one contract’s
address => balancetable. A transfer edits two rows; total supply stays constant. - ERC-20 is the fungible standard (identical, interchangeable units); ERC-721 is the non-fungible standard (unique
tokenId => owner, metadata often off-chain). ERC-1155 does both. - Standards = interoperability + composability (“money legos”): any compliant token works everywhere, instantly.
Contracts can hold value and enforce rules — but who runs the network that executes them, and what stops them from cheating? Next up: proof-of-stake and staking — how Ethereum secures itself by putting real money on the line.