Function Selector Hijacking

Function selector hijacking occurs when an attacker triggers an unintended function in a contract by providing a crafted function selector. In the EVM, functions are identified by a 4-byte selector derived from the function signature.

If a contract's fallback function is not properly designed, an attacker might be able to invoke sensitive functions that were not intended to be public. This can lead to unauthorized access or the manipulation of protocol state.

Security audits focus on ensuring that function dispatching is robust and that fallback functions do not inadvertently expose internal logic. This is a subtle but critical vulnerability that can bypass standard access control checks.

Protecting against this requires careful design of the contract's entry points and internal dispatch logic.