$130 000 USD

SEPTEMBER 2024

GLOBAL

BASEBROS FINANCE

DESCRIPTION OF EVENTS

"Base is a secure, low-cost, builder-friendly Ethereum L2 built to bring the next billion users onchain.

 

Base is incubated within Coinbase and plans to progressively decentralize in the years ahead. We believe that decentralization is critical to creating an open, global cryptoeconomy that is accessible to everyone."

 

"ChainAudits accepted the BaseBros Fi audit request that included the Brewery, Strategy, FeeManager, and Staking contracts, all of which were later audited by [the ChainAudits] team. The Brewery and Strategy contracts included in the scope were 1:1 forks of Beefy Finance, that the team communicated to have sourced from their public Github repository. The Vault Contract however, which contained the backdoor vulnerability leading to the rug pull, was neither audited by [ChainAudits] nor verified on the blockchain."

 

"This morning, several security parties flagged suspicious transactions.

 

@SeamlessFi was not exploited.

 

@ChainAudits_io will publish a post-mortem. All further details will come from their official comms."

 

"On Sept. 13, BaseBros deleted its official website and social media accounts on X and Telegram. Blockchain security firm Chain Audits, who had previously audited some BaseBros smart contracts, found that the DeFi project orchestrated a rug pull via “an unaudited and unverified Vault contract.”"

 

"On 13.09.2024, BaseBros Fi on the Base blockchain deleted their entire social presence, including all accounts and messages, after gaining control of and draining ecosystem funds through an unaudited and unverified Vault contract. Our blockchain security company, ChainAudits, had audited 4 out of the 5 key smart contracts used in the project. Unfortunately, the contract that facilitated the rug pull (Vault Contract) was not included in our audit scope, nor is it verified on the blockchain."

 

Explore This Case Further On Our Wiki

BaseBros Finance promised to launch a bridging service which would improve the user experience when moving between chains for new DeFi users. Four of their five smart contracts were audited by third party auditing service ChainAudits. However, the fifth smart contract was not audited and not even published on the blockchain. This allowed the BaseBros team to drain the smart contract and take all invested funds. ChainAudits has subsequently published a post-mortem. It does not appear that users are likely to get their funds back in this case, however investigation is ongoing.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.