Selector Collision Explained in Detail
The EVM dispatches functions by the first 4 bytes of keccak256(functionSignature). A selector collision occurs when two different signatures produce the same selector or when proxy routing treats a selector ambiguously.
Collisions are rare by chance, but proxy and diamond systems make selector routing security-critical.
Smart contract example
bytes4(keccak256("transfer(address,uint256)"))
That 4-byte value is what calldata uses to select a function.
Selector Collision in Auditing
In proxies and diamonds, selector routing decides which code runs. A collision or shadowed selector can expose admin functionality, block user functions, or dispatch to the wrong facet.
Auditors compute selectors across the full system, not just one contract.
Red flags in code
-
Proxy admin functions overlap implementation functions.
-
Diamond facets register duplicate selectors.
-
Low-level dispatch lacks a selector allowlist.
-
Function overloading creates reviewer confusion.
-
Upgrade adds a selector already used elsewhere.
How to test or review it
-
Compute selectors for all external functions.
-
Check proxy, implementation, and facet selectors together.
-
Test calls through the proxy or diamond, not only direct calls.
-
Review upgrade scripts for selector replacement behavior.
-
Confirm admin selectors are not exposed to normal users.