# Malicious Proposal Analysis

Going straight to the Etherscan data. Note that this is a malicious proposal:
- https://etherscan.io/tx/0x96993d8baf553fe655a237dcee6104186939aa2a37a3e51ffbb5ac8bfad7338c

The victim smart contract is Indexed Governor Alpha:
- https://etherscan.io/address/0x95129751769f99cc39824a0793ef4933dd8bb74b

![image](https://hackmd.io/_uploads/SJ9oT1TNT.png)

<br>

Let's analyze this proposal.
- First, the `propose` function was executed:
```
Function: propose(address[] targets, uint256[] values, string[] signatures, bytes[] calldatas, string description)
```
- Next, look at the proposal contents:

![image](https://hackmd.io/_uploads/SJSd3kaET.png)

<br>

The details below show that this is a malicious proposal:
- It calls several sensitive functions:
    - setPendingAdmin
    - setMinter
    - transfer
- Every one of these calls benefits the attacker's own address.

```
2 signatures string[]
setPendingAdmin(address)
setMinter(address)
transfer(address,uint256)
transfer(address,uint256)
transfer(address,uint256)
transfer(address,uint256)
3 calldatas bytes[]
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e1400000000000000000000000000000000000000000003d920ec0d97dfc4862300
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e140000000000000000000000000000000000000000000007c37cfdf8e14f10ef22
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e1400000000000000000000000000000000000000000000043a19c6eb984ac90080
0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14000000000000000000000000000000000000000000000ac8eb6836f8c80759c8
```

<br>

Fortunately, the proposal was successfully blocked in the end:
- https://www.tally.xyz/gov/indexed/proposal/24?chart=0

![image](https://hackmd.io/_uploads/BkJJ1gT4T.png)
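
The by-eye reading of the `signatures` and `calldatas` arrays above can be scripted for proposal review. The Python below is an added example, not part of the original write-up or of Indexed's code: it ABI-decodes each action (the calldata here holds only the arguments, since the function is named separately in `signatures`) and collects the address that every sensitive call names as its first argument. The `SENSITIVE` set and the helper names `decode_action` and `review` are assumptions of this example.

```python
# Added example: decode a Governor Alpha proposal's actions for review.
# Signatures and calldata are copied from the proposal on this page;
# SENSITIVE and the function names are assumptions of this example.
SIGNATURES = ["setPendingAdmin(address)", "setMinter(address)"] \
    + ["transfer(address,uint256)"] * 4
CALLDATAS = [
    "0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14",
    "0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14",
    "0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e1400000000000000000000000000000000000000000003d920ec0d97dfc4862300",
    "0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e140000000000000000000000000000000000000000000007c37cfdf8e14f10ef22",
    "0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e1400000000000000000000000000000000000000000000043a19c6eb984ac90080",
    "0x000000000000000000000000df0b30404ecbf0fd6905d7722f76b0a9d3da6e14000000000000000000000000000000000000000000000ac8eb6836f8c80759c8",
]
SENSITIVE = {"setPendingAdmin", "setMinter", "transfer"}

def decode_action(signature, calldata):
    """Decode static ABI arguments; the calldata has no 4-byte selector."""
    name, _, rest = signature.partition("(")
    types = [t for t in rest.rstrip(")").split(",") if t]
    raw = bytes.fromhex(calldata.removeprefix("0x"))
    if len(raw) != 32 * len(types):
        raise ValueError(f"{signature}: expected {32 * len(types)} bytes, got {len(raw)}")
    args = []
    for i, typ in enumerate(types):
        word = raw[32 * i:32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):  # upper 12 bytes of an address word must be zero
                raise ValueError(f"{signature}: non-zero address padding")
            args.append("0x" + word[12:].hex())
        elif typ == "uint256":
            args.append(int.from_bytes(word, "big"))
        else:
            raise ValueError(f"unsupported type: {typ}")
    return name, args

def review(signatures, calldatas):
    """Return decoded actions and the addresses that sensitive calls benefit."""
    if len(signatures) != len(calldatas):
        raise ValueError("signatures and calldatas differ in length")
    actions = [decode_action(s, c) for s, c in zip(signatures, calldatas)]
    beneficiaries = {args[0] for name, args in actions if name in SENSITIVE}
    return actions, beneficiaries

if __name__ == "__main__":
    actions, who = review(SIGNATURES, CALLDATAS)
    for name, args in actions:
        print(name, args)
    print("single beneficiary:", len(who) == 1, who)
```

A proposal in which admin, minter and every transfer recipient decode to one address, as they do here, is the pattern the analysis above identifies as malicious.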