QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$130 000 USD
SEPTEMBER 2024
GLOBAL
BASEBROS FINANCE
DESCRIPTION OF EVENTS

"Base is a secure, low-cost, builder-friendly Ethereum L2 built to bring the next billion users onchain.
Base is incubated within Coinbase and plans to progressively decentralize in the years ahead. We believe that decentralization is critical to creating an open, global cryptoeconomy that is accessible to everyone."
"ChainAudits accepted the BaseBros Fi audit request that included the Brewery, Strategy, FeeManager, and Staking contracts, all of which were later audited by [the ChainAudits] team. The Brewery and Strategy contracts included in the scope were 1:1 forks of Beefy Finance, that the team communicated to have sourced from their public Github repository. The Vault Contract however, which contained the backdoor vulnerability leading to the rug pull, was neither audited by [ChainAudits] nor verified on the blockchain."
"This morning, several security parties flagged suspicious transactions.
@SeamlessFi was not exploited.
@ChainAudits_io will publish a post-mortem. All further details will come from their official comms."
"On Sept. 13, BaseBros deleted its official website and social media accounts on X and Telegram. Blockchain security firm Chain Audits, who had previously audited some BaseBros smart contracts, found that the DeFi project orchestrated a rug pull via “an unaudited and unverified Vault contract.”"
"On 13.09.2024, BaseBros Fi on the Base blockchain deleted their entire social presence, including all accounts and messages, after gaining control of and draining ecosystem funds through an unaudited and unverified Vault contract. Our blockchain security company, ChainAudits, had audited 4 out of the 5 key smart contracts used in the project. Unfortunately, the contract that facilitated the rug pull (Vault Contract) was not included in our audit scope, nor is it verified on the blockchain."
BaseBros Finance promised to launch a bridging service which would improve the user experience when moving between chains for new DeFi users. Four of their five smart contracts were audited by third party auditing service ChainAudits. However, the fifth smart contract was not audited and not even published on the blockchain. This allowed the BaseBros team to drain the smart contract and take all invested funds. ChainAudits has subsequently published a post-mortem. It does not appear that users are likely to get their funds back in this case, however investigation is ongoing.
https://web.archive.org/web/20240916181825/https://hacked.slowmist.io/ (Oct 15)
https://cointelegraph.com/news/basebros-fi-defi-rug-pull-smart-contract-base (Oct 21)
@BaseBrosFi Twitter (Oct 21)
Projects/2024/BaseBrosFi/ChainAudits_PostMortem_BaseBros_Rug_Post_Mortem.pdf at main · ChainAudits/Projects · GitHub (Oct 21)
Base (Oct 21)
About Base | Base (Oct 21)
BaseBros (Oct 21)
- YouTube (Oct 21)
- YouTube (Oct 21)
GitBook (Oct 21)
@AerodromeFi Twitter (Oct 21)
@HalagaTomas Twitter (Oct 21)
@Austin_XX Twitter (Oct 21)
@AnHoang98181289 Twitter (Oct 21)
@shenqimumu Twitter (Oct 21)
@shivani8630 Twitter (Oct 21)
@CyversAlerts Twitter (Oct 21)
