function selector clashes between proxy and implementation can shadow critical admin functions

# function selector clashes between proxy and implementation can shadow critical admin functions A Solidity function selector is the first 4 bytes of the keccak256 hash of its signature, meaning different function names can produce identical selectors. Since the proxy and implementation share the same function namespace through [[delegatecall executes code from another contract using the callers storage context|delegatecall]], a selector collision means the proxy intercepts calls intended for the implementation (or vice versa). This can silently shadow critical admin functions like `upgradeTo` or lock upgrade paths entirely. Transparent proxy patterns address this by routing admin calls separately from user calls based on the caller's address. Since [[abi types are not self-describing so the decoder must know the interface to interpret values]], selector-only routing provides no type safety — the 4-byte selector is all that distinguishes functions. CPIMP weaponizes intentional per-selector routing: since [[CPIMP function-selector routing enables selective operation hijacking by mapping individual selectors to custom implementations while passing all other calls through to the legitimate protocol]], CPIMP's shadow implementation uses a dispatch table to intercept only specific functions (e.g., transfers), making targeted theft stealthy because the protocol otherwise functions normally. --- Relevant Notes: - [[delegatecall executes code from another contract using the callers storage context]] — the mechanism that creates the shared namespace - [[abi types are not self-describing so the decoder must know the interface to interpret values]] — selector-based routing lacks type metadata - [[storage layout must remain consistent across proxy implementation versions]] — another constraint on proxy architecture alongside selector management - [[CPIMP function-selector routing enables selective operation hijacking by mapping individual selectors to custom implementations while passing all other calls through to the legitimate protocol]] — the attacker-weaponized version: intentional per-selector dispatch routing specific operations to malicious implementations Topics: - [[vulnerability-patterns]]