If a mainnet contract has no way of accessing important data for testing, you can use vm.eth_getLogs to parse out events data and assert.

I ran into this with OZ AccessControl checking DEFAULT_ADMIN_ROLE for a deployment ACL configuration test.

Senior SC Engineer building SparkLend ⚡️⚡️⚡️
Ex-Maple SC Tech Lead 🥞
Ex-Maker SC Engineer 🌹
Foundry shill 🔥⚒️

The picture shows the syntax for this, code here

The picture shows the syntax for this, code here https://github.com/marsfoundation/xchain-dsr-oracle/blob/ccc55365ec31e4874833e3d2379a90fa74ea86bc/test/DSROracleConfigs.t.sol#L38

I could assert that the deployer didn't have it, but I couldn't demonstrate that no one else had the role. 

The only way to do so is to check all the `RoleGranted` event logs and prove that no other addresses have been granted this role.

💸 🍖THE CHANNEL IS /LP THE TICKER IS TN100X 🍖💸 @lucas-manuel
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀
🍖 x 8