Function Selector Clash

Overview

• Severity: High
• Confidence: High
• Affected Versions: All

What is a Function Selector Clash?

A function selector clash occurs when two different function signatures hash to the same four-byte selector. In Solidity, when a function is called, the first four bytes of the keccak256 hash of the function signature are used to determine which function to execute. If two different functions generate the same selector, it can lead to serious issues, especially in upgradeable contracts.

Why are Function Selector Clashes Dangerous?

Function selector clashes are dangerous because:

• They can cause the wrong function to be executed when called externally
• In upgradeable contracts (especially those using the Diamond Pattern), they can accidentally replace existing functionality
• They can make contract interactions unpredictable and potentially break integrations
• They may be exploitable if an attacker can force calls to resolve to an unintended function

Technical Example of a Function Selector Clash

// Contract A
contract ExampleContract {
    function transferFrom(address from, uint256 amount) public {
        // Some implementation
    }
}

// Contract B (perhaps in an upgrade)
contract NewFeatures {
    function transfer(bool from, bytes32 amount) public {
        // Different implementation, but same selector!
    }
}

In this example, even though the functions have different names and parameters, they might generate the same selector. This is particularly problematic in upgradeable contracts where Contract B might be intended to add new functionality but instead overwrites existing functions.

How to Prevent Function Selector Clashes

contract SafeContract {
    // Instead of using problematic function names/parameters
    function transferFrom(address from, uint256 amount) public {
        // Implementation
    }

    // Rename or modify parameters to ensure unique selectors
    function executeTransfer(bool fromAccount, bytes32 amount) public {
        // Implementation
    }
    
    // Always verify selectors when adding new functions
    // Especially in upgradeable contracts
}

To prevent selector clashes:

• Always verify function selectors when adding new functions, especially in upgradeable contracts
• Use tools to detect potential clashes during development
• Consider using longer, more specific function names to reduce clash probability
• In diamond pattern contracts, maintain a registry of used selectors