What is the difference between smart signatures and smart contracts?
Yes, unfortunately, the word “contract” is sometimes used interchangeably to refer to a particular use of a Smart Signature or a Smart Contract. For example, here (Delegated Approval) it is said:
For example, if Alice wants to set up a recurring payment with her utility company for up to 200 Algos every 50000 rounds, she creates a TEAL contract that encodes this logic
A Smart Signature is a piece of executable logic that can be used in a couple of ways.
The first way is that it is signed by someone and then sent to someone else. Let us say the Smart Signature is a program that just checks if the associated payment transaction is less than 10 Algo and only occurs once a month. The owner of an Account can sign that and give that signed program to someone else. That someone else can then use that Smart Signature as part of a new Payment Transaction from that Account (but only for less than 10 Algo and never more than once a month). It is a way of delegating access to that Account, under certain conditions. The embodiment of those conditions is the Smart Signature.
The second way is that the hash of the program itself is the Address of the Account. In this sense, every Smart Signature is associated with a program Account, because the hash of the program is an Address. So, you could make a program, hash it to get an Account Address, send funds to that Address, and then send the Smart Signature to someone else, and that Smart Signature would be applied to Payment transactions to withdraw those funds (for example). Of course, you could dream up other more complex or useful examples too.
With Smart Contracts however, the code is stored on the blockchain. You use an App Create Transaction to register some program on the blockchain at some Address. In addition, you can use the ABI to add “methods” to this program, and you can also add state to the program. In a sense, you can view the Smart Contract as a “Class”, a bit like a C++ class or any other from object oriented programming, and instances of that Smart Contract are the objects on the blockchain with their own Addresses.
You can then call the methods on those objects using App Call Transactions. This allows you to do all kinds of things. For example, you could make an automated escrow by deploying a Smart Contract to an address, and making it offer methods like “Int64 Create Escrow (participant list, final account)”, “Deposit To Escrow” etc etc.
Smart Contracts are programs that exist on the blockchain, can be identified by their Address, and can be used by various participants. Smart Signatures are programs that exist off the blockchain and are sent using other channels.
Going back to the ambiguous use of the word “contract.” This is merely because a “contract” can mean some kind of terms and conditions, an agreement, or rules around how transactions or accounts can be arranged. So, these contracts can, on Algorand, manifest as either Smart Signatures or Smart Contracts, but the use of the word “contract” there is intended more in the traditional, legal/financial sense.
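The delegated-approval case described in the answer above, written out as a TEAL program using the documentation's figures (up to 200 Algos every 50000 rounds). This is an added example, not code from the thread or from Algorand's documentation; the `TMPL_` values, the 500-round validity window and the 1000 microAlgo fee cap are assumptions, and the placeholders must be substituted before the program will compile.

```teal
#pragma version 6
// Added example: delegated logic for a capped recurring payment.
// TMPL_RECEIVER, TMPL_LEASE and TMPL_EXPIRY are placeholders (assumptions).

// Only a plain payment to the agreed receiver
txn TypeEnum
int pay
==
txn Receiver
addr TMPL_RECEIVER
==
&&
// At most 200 Algos (amounts are in microAlgos)
txn Amount
int 200000000
<=
&&
// One slot per 50000 rounds: fixed start and fixed 500-round window
txn FirstValid
int 50000
%
int 0
==
&&
txn LastValid
txn FirstValid
int 500
+
==
&&
// Same lease every time, so a second payment in the same window is rejected
txn Lease
byte base64 TMPL_LEASE
==
&&
// The holder must not be able to close out or rekey the account
txn CloseRemainderTo
global ZeroAddress
==
&&
txn RekeyTo
global ZeroAddress
==
&&
// Cap the fee so the balance cannot be burned as fees
txn Fee
int 1000
<=
&&
return
```

Anything the program does not check is left to whoever holds the signed logic, which is why the close, rekey and fee checks matter as much as the amount. A further bound such as `txn LastValid` `<=` `int TMPL_EXPIRY` (placeholder) gives the delegation an end date, since the signature otherwise stays usable for as long as the account's key does.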
You are a good man. @FrankS
Always at your service
To complement @FrankS's excellent response:
Nowadays, you should essentially only use smart contracts, unless you have a very specific use case for which smart signatures are better suited.
See Modern guidelines for smart contracts and smart signatures on Algorand - Algorand Developer Portal
Smart signatures are quite dangerous as they allow the one in possession of the smart signature to sign transactions on your behalf.
So you should never agree to sign a smart signature if you don’t fully trust the party asking for it.
Or you could do it, but only with a non-important account (without valuable assets).
Is there a way to invalidate a smart signature?
Is there a way to invalidate smart signatures?
If the smart signature does not include invalidation logic, you won’t be able to invalidate it.
You can see this post, which is related and offers a way to integrate invalidation logic into the smart signature (aka LogicSig) so that it can be used at most once:
Rekeying should invalidate logic sigs. However, this is a heavy operation.
That is why, as @ismax said, logicsigs are really not recommended.
Almost all use cases should now use smart contracts/applications.
There is no Algorand protocol mechanism built in for this.
However there are many options for constructing your own mechanisms.
Regardless, as Fabrice says, the use of Logic Signatures is discouraged.