QI Quadriga Initiative

Sep 2024 - BaseBros Finance Bridge Audited Rug Pull - $130k (Global)

"Base is a secure, low-cost, builder-friendly Ethereum L2 built to bring the next billion users onchain.

Base is incubated within Coinbase and plans to progressively decentralize in the years ahead. We believe that decentralization is critical to creating an open, global cryptoeconomy that is accessible to everyone."

"ChainAudits accepted the BaseBros Fi audit request that included the Brewery, Strategy, FeeManager, and Staking contracts, all of which were later audited by [the ChainAudits] team. The Brewery and Strategy contracts included in the scope were 1:1 forks of Beefy Finance, that the team communicated to have sourced from their public Github repository. The Vault Contract however, which contained the backdoor vulnerability leading to the rug pull, was neither audited by [ChainAudits] nor verified on the blockchain."

"This morning, several security parties flagged suspicious transactions.

@SeamlessFi was not exploited.

@ChainAudits_io will publish a post-mortem. All further details will come from their official comms."

"On Sept. 13, BaseBros deleted its official website and social media accounts on X and Telegram. Blockchain security firm Chain Audits, who had previously audited some BaseBros smart contracts, found that the DeFi project orchestrated a rug pull via “an unaudited and unverified Vault contract.”"

"On 13.09.2024, BaseBros Fi on the Base blockchain deleted their entire social presence, including all accounts and messages, after gaining control of and draining ecosystem funds through an unaudited and unverified Vault contract. Our blockchain security company, ChainAudits, had audited 4 out of the 5 key smart contracts used in the project. Unfortunately, the contract that facilitated the rug pull (Vault Contract) was not included in our audit scope, nor is it verified on the blockchain."

Further Analysis

BaseBros Finance promised to launch a bridging service that would improve the user experience for new DeFi users moving between chains. Four of its five smart contracts were audited by the third-party auditing service ChainAudits. However, the fifth smart contract, the Vault contract, was not audited and was not even verified on the blockchain. This allowed the BaseBros team to drain the smart contract and take all invested funds. ChainAudits has subsequently published a post-mortem. Users do not appear likely to get their funds back in this case; however, the investigation is ongoing.

How Could This Have Been Prevented?



