I am talking from an application perspective. Think this --> U have an input field, someone gonna state Hey I am the owner of contract X, he put's in the contract address he put in the input fielkd. Next he is connected via metramask wallet to the application (presumably with the deployer account via Metamask). How can I verify he is actually the owner of the contract.

Withoput calling any contract function

Cuz this function might not exist

because I didnt code the contract myself

@v_nko

I mean on the website he claims I am owner of contract x by putting the contract address into an input. He is connected via metamask and I have his accounts how can I verify by having his accounts and the contract address he claims to be the owner of, that he actually IS the OWNER

Can u go into detail mayber I dont understand properly what u mean

bro WTF 😄

Is that so hard to understand?

No Bro I write code 😄

hahaha

I have a webapp whre the user inputs the contract address he claims he owns, then he is connected with his metamask to my webapp, so I have his accounts, how can I verify from my frontend, that he is the owner of the contract he claims he is

you mean in the contrasct cosntructor?`

what does that mean?

https://ethereum.stackexchange.com/questions/35486/how-to-verify-metamask-account-holder-is-the-real-owner-of-the-address

You can use that to verify the ownership of an address and then either compare it to the deployer or, if existing, the owner of a contract.

unfortunately I cannot follow the explanation how would signing a message reveal an address as the deployer address of a smart contract?

A user can sign a message with an address and then anyone can verify the hash the user received to proof if the user really did sign that message. I don't know tho how exactly that technically works

Well Signing and PKI I understand, but I want to identifiy an address (account) as the deployer of a smart contract. Is the Smart Contract address generated with the deployer address as input? So Are they cryptographically tied together, such as Private/Public key?

I thought you wanted to confirm that someone owns address X? The deployer is callable via for example Etherscan's API

But don't forget, the deployer isn't always the owner as of having permissions to do something. Depending on what you need you'd either call the deployer or need to get the owner variable

Thx for ur explanation yes that I am aware of best would be to have the owner variable of a contract always available to call, is it?

Is this always publicly available?

If the contract has an owner, there's always a function to call that owner. Some contracts don't have an owner, since ownership is only needed when there are functions that should be accessed with permission only (minting, burning, etc.).

But you'd still have the problem that everyone can say "I own the owner address", so then you can let them sign a message

Well that is shitty 😄 It's getting more complicated in detail, like always with coding 😄 For example how does Etherscan do it? For example when u want to add information to etherscan for a certain project, how do they verify u are eligible to edit information or request it.

@ryptok see here, but I dont understand the process behind, How is trhat verifying that the signing address is the contract owner --> https://info.etherscan.com/how-to-verify-address-ownership/

Oh wow. 5 days a week? Or whenever needed?

Cool, I wish I'd be better in solidity haha

Good luck to all participants

I wish I knew solidity lmao

They asks the deployer address to sign a sample message and compare the public key of signer with that of deployer

Yeah I saw that. When I ask for the transaction Hash of the contract creation, ethers js is showing whether the TX created something if a contract were created it holds the value of the contract address and the from attribute holds the deployer address. I simply could compare in the first instance whether it's the same account as the one who claims to be and then sign and compare it.