Your First 90 DaysAcademy
Act II · The Machinery · Week 6 · Checkpoint 12

Under the Hood Smart Contracts

By the end of this you will know exactly what lives at a contract address, why anyone can use it, why immutable does not mean safe, and what an audit actually is.

10 steps~22 min3 nodes for your map
01 · The employee made of rules

In checkpoint 3 you met the machine that replaced the teller. Picture it now as an employee made entirely of rules. You hired it once, forever. It cannot sleep, cannot quit, cannot be talked out of its job, and it serves anyone who walks up.

That employee lives at an address, just like your wallet does. Open the panel and you find three things behind the door: its rules, its memory, and its own pocket of money.

02 · What is actually behind the door

Here is the whole anatomy on one board. The employee has an address so the world can find it. It has code, the rules it follows. It has storage, its own memory of who owns what. And it has a balance, real money it holds in its own name.

A normal program on a company server has none of this on its own. This one does, because it lives on the ledger from checkpoint 9. The rules, the memory, and the money are all sitting in public, at one address.

03 · Try calling it yourself

The employee is sitting there, ready to work. A normal company app would ask who you are first. This one has no front desk and no sign-up.

Use both buttons on the board: once as a total stranger, once as the person who deployed it. Watch what is different.

Use both buttons.
04 · It cannot be talked out of it

So anyone can use it. The flip side is just as strange: nobody can argue with it. The employee will not stop because you are upset, will not bend the rules for a regular, will not make an exception because the situation is unusual.

Once the code is deployed, it runs exactly as written, every time, for everyone. There is no manager behind it to overrule a bad outcome. That reliability is the whole point, and as we are about to see, it is also the whole danger.

05 · The honest nuance: a trade-off, not a virtue

People say immutable like it is a badge of honor, but it is one side of a real trade-off. An immutable contract can never be tampered with, and can never be fixed. An upgradeable one keeps an admin key so the team can patch bugs, which also means that key-holder can change the rules under you.

Neither is automatically right. Immutable asks you to trust the code. Upgradeable asks you to trust whoever holds the key. The honest question is never which sounds purer, it is which kind of trust fits what the contract does.

A team proudly labels its contract upgradeable. What did they just gain, and what did they just ask of you?
06 · Employees that call other employees

Here is the quiet superpower from checkpoint 3, made literal. Because every employee can be called by anyone, an employee can call another employee. One contract reaches into a second, which reaches into a third, all inside a single transaction.

Contracts plugging into each other like this are called composable. It is how a swap can feed a loan can feed a deposit with no human stitching them together. It is also why a flaw in one employee can quietly travel into every other employee that calls it.

07 · Why a profession grew around reading code

Now put the pieces together. The employee holds real money, runs frozen rules, and serves anyone, forever. In ordinary software a bug gets patched next Tuesday. Here a bug can be permanent, sitting on top of other people's funds, callable by anyone who notices it.

So the industry did the only sane thing: it created a job around reading the code carefully before it ships, while mistakes can still be fixed. That careful, adversarial reading has a name. It is called an audit, and the people who do it spend their days trying to break a contract on paper so it does not break with real money on it.

08 · Immutable is not the same as safe

A friend is looking at a new protocol and reads you the pitch: the contract is immutable, so your money is safe. He says it like the two words mean the same thing.

You now know they do not. Pressure-test his claim.

Scenario
Why does immutable not prove the contract is safe?
09 · Should everything be a contract?

It is easy to leave a lesson like this thinking everything should be a smart contract. Your friend, freshly converted, now wants his to-do list app rewritten as one.

Push back honestly. Most software gets better by being fixed often. Putting it on-chain trades that freedom away for a permanence it does not need.

Limit test
Your friend wants his to-do list app turned into an immutable smart contract. Where is he wrong?
10 · The machines run the marketplaces

So that is what lives at a contract address: an employee made of rules, with its own memory and its own money, open to anyone, frozen once it ships. You saw why anyone can call it, why immutable is a trade-off and not a guarantee, how they snap together, and why a whole profession exists to read their code before it goes live.

These employees run the marketplaces where you actually buy and sell. But the marketplaces come in two very different shapes: one where a company holds your coins, and one built straight from these contracts where no company touches them.

So next we open both kinds of marketplace and follow your money inside each one. CEX versus DEX, blueprints out.

your balance2,400
BANK_DBowner: the bank
you2,400
what the app is actually showing you
BANK_DBowner: the bank
you2,400their pen
you hold a claim. they hold the pen.
your digital life
BANK · you2,400the bank ✍
INSTAGRAM · you2.1M followersMeta ✍
STEAM · you134 gamesValve ✍
AIRLINE · you58,200 milesthe airline ✍
four tables. zero pens that are yours.
BANK_DBowner: the bank
you2,400
DENIED
try both pens
PLATFORM_DBowner: the platform
her · 8 years2,000,000 followers
one automated decision away
BANK_DB · you · 2,400intentcompetencecontinuity
your row stands on all three
FTX_DBowner: FTX
you5 BTC
the backing vault●●●●●
the row stayed. the backing did not.
CARD_DBowner: your bank ✍
TV you never bought−1,100
fraud reversal+1,100
someone holds the pen, so someone can fix it
?_DBowner: nobody
youstill yours?
?
can a table exist that nobody owns?
?
?_DBowner: ̶n̶o̶b̶o̶d̶y̶
you100
no owner, no pen, no trust?
keeper 1
you100
keeper 2
you100
keeper 3
you100
keeper 4
you100
keeper 5
you100
no THE copy, only copies.
keeper 2
you100
keeper 3
you100
keeper 4
you100
keeper 5
you100
your copy
you100
five copies. one of them is yours.
one attacker
one attacker, ten thousand faces.
real machinesburned wattsnext page, sealed
writing costs watts. faking voters buys nothing.
cost paid OUTSIDE: hardware and power
proof of work, burn energy to vote.
page 1you · 100page 2you · 100page 3you · 100page 4you · 100
rewrite one line, break every lock after it.
office lunchtrusted keeperconsensusfive keepers, real cost
the price buys trustlessness. the office already has trust.
?
ownerless ledger
you?
a key, not a login?
nobody owns the table. so who owns your row?
smart-contract-internalscomposabilityaudit

Three new nodes on your map

smart-contract-internals · composability · audit · +10 Lynx