/tornado-cash-exploit

This repository implements a simplified PoC that showcases how a contract can morph. A similar approach was used as part of the governance attack on Tornado Cash in May 2023.

Primary LanguageSolidityDo What The F*ck You Want To Public LicenseWTFPL

Tornado Cash Governance Attack via Metamorphic Contracts

Test smart contracts License: WTFPL

This repository implements a simplified PoC that showcases how a contract can morph using a combination of CREATE2, CREATE, and SELFDESTRUCT. A similar approach was used as part of the governance attack on Tornado Cash1 in May 2023.

Footnotes

  1. A detailed post-mortem can be found here, and a full technical replication (using Foundry) of the attack here.