Function Selector Collision
Detects functions with colliding 4-byte selectors that can cause incorrect function dispatch or proxy confusion.
Overview
The function selector collision detector identifies contracts where two or more functions share the same 4-byte selector (the first 4 bytes of keccak256(signature)). In transparent proxy patterns, a collision between a proxy admin function and an implementation function means calls intended for one will execute the other, potentially giving unauthorized users admin access or causing calls to silently execute the wrong logic.
Why This Is an Issue
The EVM dispatches external calls using a 4-byte function selector. With only 2^32 possible selectors, collisions are statistically feasible to find (birthday problem) and can be constructed deliberately. In proxy contracts, a selector collision between the proxy’s admin functions and the implementation’s user-facing functions is particularly dangerous — users calling a business function may inadvertently trigger a proxy upgrade, or admin calls may execute user logic in the wrong storage context.
How to Resolve
// Before: Proxy and implementation share selector 0x12345678
// Proxy: function upgradeAdmin(address) -> 0x12345678
// Impl: function collideFunc(address) -> 0x12345678
// After: Use transparent proxy pattern (EIP-1967)
// Admin functions only accessible from admin address
// User calls always delegated to implementation
// Or rename functions to avoid collision
Use OpenZeppelin’s TransparentUpgradeableProxy, which routes calls based on msg.sender (calls from the admin address are handled by the proxy itself, calls from any other address are always delegated to the implementation), so a shared selector can never dispatch to the wrong contract.
Detection Methodology
- Selector extraction: Computes the 4-byte selector for every public/external function in the contract.
- Collision detection: Checks for duplicate selectors within the contract and, for proxies, across the proxy and implementation.
- Proxy pattern awareness: When a proxy pattern is detected (DELEGATECALL dispatch), selectors from both the proxy and implementation are compared.
- Severity scoring: Collisions involving admin or upgrade functions receive higher severity than collisions between read-only functions.
Limitations
- False positives: Contracts that intentionally override inherited functions will share a selector by design.
- False negatives: If the implementation contract address is not available for analysis, cross-contract collision detection is not possible.
Related Detectors
- Storage Collision — detects storage slot collisions in proxy patterns
- Diamond Collision — detects facet selector collisions in EIP-2535
- Access Control — detects missing authorization checks