(Multi)RolesAuthority | Auth.requiresAuth(): msg.sig value issue
Theo6890 opened this issue · 0 comments
Theo6890 commented
Context
Create a custom ERC721 from solmate library with RolesAuthority to add specific access & management rights upon the ERC721.
Public repository
Issue
msg.sig & function MUST be the same in order to allow the user to take action on this specific function
- msg.sig == 0xa1448194
- bytes4(keccak256("safeMint(address, uint256)")) == 0x73700d38
As you can see minting fails to UNAUTHORIZED roles, which is all due to msg.sig.
Workaround
- Use if (!isAuthorized(msg.sender, bytes4(keccak256("funcSig")))) revert("UNAUTHORIZED");
This is not the best way as the modifier is there to avoid adding this line in any functions requiring specific rights.
Conclusion
This means msg.sig is not reliable at all when a function with is called from another contract even if the user has the rights.