# Malicious Purposal Analysis
直接上etherscan資料,注意此為惡意提案
- https://etherscan.io/tx/0x96993d8baf553fe655a237dcee6104186939aa2a37a3e51ffbb5ac8bfad7338c
受害的智能合約在此,是Indexed Governor Alpha
- https://etherscan.io/address/0x95129751769f99cc39824a0793ef4933dd8bb74b
<br>
來分析一下這份提案
- 首先執行了purpose function
```
Function: propose(address[] targets, uint256[] values, string[] signatures, bytes[] calldatas, string description)
```
- 之後看到提案內容
<br>
以下是詳細資料,可以看出是一個惡意提案
- 呼叫許多敏感function
- setPendingAdmin
- setMinter
- transfer
- 以上function都是受益於他自己的address
```
2 signatures string[] setPendingAdmin(address)
setMinter(address)
transfer(address,uint256)
transfer(address,uint256)
transfer(address,uint256)
transfer(address,uint256)
3 calldatas bytes[] 0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e1400000000000000000000000000000000000000000003d920ec0d97dfc4862300
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e140000000000000000000000000000000000000000000007c37cfdf8e14f10ef22
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e1400000000000000000000000000000000000000000000043a19c6eb984ac90080
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14000000000000000000000000000000000000000000000ac8eb6836f8c80759c8
```
<br>
最後好險有成功被擋下來
- https://www.tally.xyz/gov/indexed/proposal/24?chart=0
Sign in via Google
Sign in via Facebook
Sign in via X(Twitter)
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
Connect another wallet