By the end of this you will know exactly what lives at a contract address, why anyone can use it, why immutable does not mean safe, and what an audit actually is.
In checkpoint 3 you met the machine that replaced the teller. Picture it now as an employee made entirely of rules. You hired it once, forever. It cannot sleep, cannot quit, cannot be talked out of its job, and it serves anyone who walks up.
That employee lives at an address, just like your wallet does. Open the panel and you find three things behind the door: its rules, its memory, and its own pocket of money.
Here is the whole anatomy on one board. The employee has an address so the world can find it. It has code, the rules it follows. It has storage, its own memory of who owns what. And it has a balance, real money it holds in its own name.
A normal program on a company server has none of this on its own. This one does, because it lives on the ledger from checkpoint 9. The rules, the memory, and the money are all sitting in public, at one address.
The employee is sitting there, ready to work. A normal company app would ask who you are first. This one has no front desk and no sign-up.
Use both buttons on the board: once as a total stranger, once as the person who deployed it. Watch what is different.
So anyone can use it. The flip side is just as strange: nobody can argue with it. The employee will not stop because you are upset, will not bend the rules for a regular, will not make an exception because the situation is unusual.
Once the code is deployed, it runs exactly as written, every time, for everyone. There is no manager behind it to overrule a bad outcome. That reliability is the whole point, and as we are about to see, it is also the whole danger.
People say immutable like it is a badge of honor, but it is one side of a real trade-off. An immutable contract can never be tampered with, and can never be fixed. An upgradeable one keeps an admin key so the team can patch bugs, which also means that key-holder can change the rules under you.
Neither is automatically right. Immutable asks you to trust the code. Upgradeable asks you to trust whoever holds the key. The honest question is never which sounds purer, it is which kind of trust fits what the contract does.
Here is the quiet superpower from checkpoint 3, made literal. Because every employee can be called by anyone, an employee can call another employee. One contract reaches into a second, which reaches into a third, all inside a single transaction.
Contracts plugging into each other like this are called composable. It is how a swap can feed a loan can feed a deposit with no human stitching them together. It is also why a flaw in one employee can quietly travel into every other employee that calls it.
Now put the pieces together. The employee holds real money, runs frozen rules, and serves anyone, forever. In ordinary software a bug gets patched next Tuesday. Here a bug can be permanent, sitting on top of other people's funds, callable by anyone who notices it.
So the industry did the only sane thing: it created a job around reading the code carefully before it ships, while mistakes can still be fixed. That careful, adversarial reading has a name. It is called an audit, and the people who do it spend their days trying to break a contract on paper so it does not break with real money on it.
A friend is looking at a new protocol and reads you the pitch: the contract is immutable, so your money is safe. He says it like the two words mean the same thing.
You now know they do not. Pressure-test his claim.
It is easy to leave a lesson like this thinking everything should be a smart contract. Your friend, freshly converted, now wants his to-do list app rewritten as one.
Push back honestly. Most software gets better by being fixed often. Putting it on-chain trades that freedom away for a permanence it does not need.
So that is what lives at a contract address: an employee made of rules, with its own memory and its own money, open to anyone, frozen once it ships. You saw why anyone can call it, why immutable is a trade-off and not a guarantee, how they snap together, and why a whole profession exists to read their code before it goes live.
These employees run the marketplaces where you actually buy and sell. But the marketplaces come in two very different shapes: one where a company holds your coins, and one built straight from these contracts where no company touches them.
So next we open both kinds of marketplace and follow your money inside each one. CEX versus DEX, blueprints out.