{"id":15646355,"url":"https://github.com/pcaversaccio/tornado-cash-exploit","last_synced_at":"2026-03-15T16:32:39.891Z","repository":{"id":169534887,"uuid":"645527474","full_name":"pcaversaccio/tornado-cash-exploit","owner":"pcaversaccio","description":"This repository implements a simplified PoC that showcases how a contract can morph. A similar approach was used as part of the governance attack on Tornado Cash in May 2023.","archived":false,"fork":false,"pushed_at":"2024-12-19T10:28:47.000Z","size":103,"stargazers_count":48,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-19T11:32:44.492Z","etag":null,"topics":["create","create2","governance-attack","metamorphic-contracts","selfdestruct","tornado-cash"],"latest_commit_sha":null,"homepage":"https://github.com/tornadocash","language":"Solidity","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pcaversaccio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-25T21:26:07.000Z","updated_at":"2024-12-19T10:28:51.000Z","dependencies_parsed_at":null,"dependency_job_id":"4f205d4f-ee15-4728-8624-52bf90e8ff8b","html_url":"https://github.com/pcaversaccio/tornado-cash-exploit","commit_stats":null,"previous_names":["pcaversaccio/tornado-cash-exploit"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pcaversaccio%2Ftornado-cash-exploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pcaversaccio%2Ftornado-cash-exploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pcaversaccio%2Ftornado-cash-exploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pcaversaccio%2Ftornado-cash-exploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pcaversaccio","download_url":"https://codeload.github.com/pcaversaccio/tornado-cash-exploit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230445926,"owners_count":18227060,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["create","create2","governance-attack","metamorphic-contracts","selfdestruct","tornado-cash"],"created_at":"2024-10-03T12:12:33.323Z","updated_at":"2026-03-15T16:32:39.832Z","avatar_url":"https://github.com/pcaversaccio.png","language":"Solidity","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tornado Cash Governance Attack via Metamorphic Contracts\n\n[![Test smart contracts](https://github.com/pcaversaccio/tornado-cash-exploit/actions/workflows/test.yml/badge.svg)](https://github.com/pcaversaccio/tornado-cash-exploit/actions/workflows/test.yml)\n[![License: WTFPL](https://img.shields.io/badge/License-WTFPL-blue.svg)](https://www.wtfpl.net/about/)\n\nThis repository implements a simplified [PoC](./test/MetamorphicContract.t.sol) that showcases how a contract can morph using a combination of [`CREATE2`](https://eips.ethereum.org/EIPS/eip-1014), `CREATE`, and `SELFDESTRUCT`. A similar approach was used as part of the [governance attack on Tornado Cash](https://x.com/samczsun/status/1660012956632104960)[^1] in May 2023.\n\n[^1]: A detailed post-mortem can be found [here](https://forum.tornado.ws/t/full-governance-attack-description/62), and a full technical replication (using [Foundry](https://github.com/foundry-rs/foundry)) of the attack [here](https://github.com/coinspect/learn-evm-attacks/tree/master/test/Business_Logic/TornadoCash_Governance).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpcaversaccio%2Ftornado-cash-exploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpcaversaccio%2Ftornado-cash-exploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpcaversaccio%2Ftornado-cash-exploit/lists"}