coinspect · nine-december · May 29, 2023
diff --git a/lib/forge-std b/lib/forge-std
diff --git a/lib/solmate b/lib/solmate
diff --git a/test/Business_Logic/TornadoCash_Governance/Attacker1Contracts.sol b/test/Business_Logic/TornadoCash_Governance/Attacker1Contracts.sol
@@ -25,6 +25,7 @@ contract Attacker1Contract {
 
     function deployMultipleContracts(uint256 amount) external {
         address newMinion;
+        console2.log("MINIONS WON'T APPROVE AND LOCK ZERO TORN");
         for (uint256 i = 0; i < amount;) {
             newMinion = address(new Attacker1Minion(msg.sender));
             console2.log("Deploying and preparing minion #%s at address: %s", i + 1, newMinion);
@@ -33,9 +34,10 @@ contract Attacker1Contract {
 
             // The following steps were performed by the attacker but are not necessary for the attack
             // The attack works if the next lines are commented.
-            tornToken.transferFrom(msg.sender, newMinion, 0);
-            Attacker1Minion(newMinion).attackTornado(Attacker1Minion.AttackInstruction.APPROVE);
-            Attacker1Minion(newMinion).attackTornado(Attacker1Minion.AttackInstruction.LOCK);
+            // ON THIS BRANCH WE COMMENT THIS LINES TO SHOW HOW THE ATTACK SUCCEEDS ANYWAYS
+            // tornToken.transferFrom(msg.sender, newMinion, 0);
+            // Attacker1Minion(newMinion).attackTornado(Attacker1Minion.AttackInstruction.APPROVE);
+            // Attacker1Minion(newMinion).attackTornado(Attacker1Minion.AttackInstruction.LOCK);
 
             unchecked {
                 ++i;

diff --git a/test/Business_Logic/TornadoCash_Governance/TornadoCash_Governance.sol b/test/Business_Logic/TornadoCash_Governance/TornadoCash_Governance.sol
@@ -239,21 +239,4 @@ contract Exploit_TornadoCashGovernance is TestHarness, TokenBalanceTracker {
         updateBalanceTracker(ATTACKER1);
         updateBalanceTracker(ATTACKER2);
     }
-
-    // New cheatcode created by @joaquinlpereyra @Coinspect merged in foundry at
-    // https://github.com/foundry-rs/foundry/pull/5033
-
-    // destroys an account inmediatly, sending the balance to beneficiary
-    // destroying means: balance will be zero, code will be empty, nonce will be zero
-    // similar to selfdestruct but not identical: selfdestruct destroys code and nonce
-    // only after tx ends, this will run inmediatly
-    function destroyAccount(address who, address beneficiary) internal virtual {
-        uint256 currBalance = who.balance;
-        vm.etch(who, abi.encode());
-        vm.deal(who, 0);
-        vm.resetNonce(who);
-
-        uint256 beneficiaryBalance = beneficiary.balance;
-        vm.deal(beneficiary, currBalance + beneficiaryBalance);
-    }
 }
+29 −0		.github/workflows/sync.yml
+2 −1		foundry.toml
+1 −1		lib/ds-test
+2 −2		package.json
+15 −8		src/Base.sol
+0 −14		src/Components.sol
+18 −6		src/Script.sol
+193 −26		src/StdAssertions.sol
+188 −47		src/StdChains.sol
+176 −65		src/StdCheats.sol
+92 −0		src/StdInvariant.sol
+30 −30		src/StdJson.sol
+2 −2		src/StdStorage.sol
+333 −0		src/StdStyle.sol
+121 −8		src/StdUtils.sol
+27 −6		src/Test.sol
+130 −13		src/Vm.sol
+400 −380		src/console2.sol
+73 −0		src/interfaces/IMulticall3.sol
+13,248 −0		src/safeconsole.sol
+412 −0		test/StdAssertions.t.sol
+115 −16		test/StdChains.t.sol
+206 −4		test/StdCheats.t.sol
+110 −0		test/StdStyle.t.sol
+231 −26		test/StdUtils.t.sol