ALIEN BASE

DESCRIPTION OF EVENTS

Alien Base is a DeFi platform that combines the best of centralized exchange (CEX) usability with the privacy benefits of decentralized finance. Using its innovative Epsilon technology, Alien Base aggregates all pools on the Base network to optimize swap efficiency, offering faster and more cost-effective transactions. The platform also features a token generator and simple pool deployment tools, enabling users and developers to easily launch tokens and participate in DeFi with minimal effort. This integration of advanced technology creates a seamless, user-friendly experience for both traders and developers.

"The 'compound()' method collects liquidity yield between lower and upper ticks, then mints ALB to the pool. The attacker repeatedly leveraged it to arbitrage until the tick moved out of Bunnihub's position."

"The compound() function in the BunniHub contract collects trading fees from positions and utilizes them to add liquidity by calling the mint() function within the current tick range. This function is open for anyone to call.

The attacker exploited this by manipulating multiple pools and sandwiching the liquidity addition, which lacks proper slippage protection."

CertiK reports "a ~$27K loss". TenArmor reports "an approximately loss of $38K". SlowMist reports "a loss of approximately $38,000". BlockSec reports that "the loss in each transaction is small" but doesn't provide a total.

"BunniHub of @alienbasedex on base was attacked with multiple transactions. Though the loss in each transaction is small, it still shows the vulnerabilities existing in the smart contract."

The incident does not appear to be mentioned on Alien Base Twitter, although other exploits are mentioned there.

Explore This Case Further On Our Wiki

Alien Base is a DeFi platform that combines centralized exchange-like usability with the privacy benefits of decentralized finance. It uses Epsilon technology to aggregate pools on the Base network, offering faster and more cost-effective swaps. The platform also features a token generator and easy pool deployment tools, allowing users and developers to launch tokens effortlessly. However, the platform recently faced an exploit in its BunniHub contract, where an attacker exploited vulnerabilities in the compound() method to manipulate pools and arbitrage, resulting in losses ranging from $27K to $38K. Despite the issue, the exploit doesn't appear to have been publicly addressed on Alien Base's official Twitter.

@SlowMist_Team Twitter (Feb 14)
Alien Base | Linktree (Feb 14)
Alien Base (Feb 14)
Alien Base Docs | Alien Base (Feb 14)
@CertiKAlert Twitter (Feb 14)
@Phalcon_xyz Twitter (Feb 14)
https://www.coingecko.com/en/coins/alienbase (Feb 14)
Base Transaction Hash (Txhash) Details | BaseScan  (Feb 14)
@TenArmorAlert Twitter (Feb 14)
@TenArmorAlert Twitter (Feb 14)
Ethereum Transaction Hash (Txhash) Details | Etherscan  (Feb 14)

More case studies

Horse Coin (HORS) Smart
Contract Exploited

Holoworld AI Distribution
Phases Twitter/X Hack Phishing