Alien Base Compound Liquidity Yield Collection Issue

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Alien Base is a DeFi platform that combines centralized exchange-like usability with the privacy benefits of decentralized finance. It uses Epsilon technology to aggregate pools on the Base network, offering faster and more cost-effective swaps. The platform also features a token generator and easy pool deployment tools, allowing users and developers to launch tokens effortlessly. However, the platform recently faced an exploit in its BunniHub contract, where an attacker exploited vulnerabilities in the compound() method to manipulate pools and arbitrage, resulting in losses ranging from $27K to $38K. Despite the issue, the exploit doesn't appear to have been publicly addressed on Alien Base's official Twitter.[1][2][3][4][5][6][7][8][9][10][11]

About Alien Base

Alien Base is a DeFi platform that combines the best of centralized exchange (CEX) usability with the privacy benefits of decentralized finance. Using its innovative Epsilon technology, Alien Base aggregates all pools on the Base network to optimize swap efficiency, offering faster and more cost-effective transactions. The platform also features a token generator and simple pool deployment tools, enabling users and developers to easily launch tokens and participate in DeFi with minimal effort. This integration of advanced technology creates a seamless, user-friendly experience for both traders and developers.

What Happened

Alien Base suffered an exploit in their smart contract.

Key Event Timeline - Alien Base Compound Liquidity Yield Collection Issue
Date | Event | Description
January 9th, 2025 12:31:23 PM MST | Exploit Transaction On Base | An exploit transaction happens on the Base blockchain.
January 9th, 2025 7:39:00 PM MST | SlowMist Twitter/X Post | SlowMist posted about "potential suspicious activity" related to Alien Base.
January 9th, 2025 8:34:00 PM MST | BlockSec Phalcon Tweet Made | BlockSec shares a tweet with multiple transactions included, noting that "the loss in each transaction is small" and "the vulnerabilities [are still] existing in the smart contract".
January 9th, 2025 8:46:00 PM MST | CertiK Posting Exploit Tweet | CertiK posts an analysis of the malicious transaction and cause behind it.
January 9th, 2025 10:09:00 PM MST | TenArmor Alert Tweet Posted | TenArmor posts an alert tweet about the exploit further.
January 10th, 2025 5:51:11 AM MST | Ethereum Attack Transaction | An attack on the Ethereum version of the smart contract.
January 10th, 2025 6:12:00 AM MST | TenArmor Reports Ethereum Exploit | TenArmor reports "another attack again, this time on eth".

Technical Details

"The 'compound()' method collects liquidity yield between lower and upper ticks, then mints ALB to the pool. The attacker repeatedly leveraged it to arbitrage until the tick moved out of Bunnihub's position."

"The compound() function in the BunniHub contract collects trading fees from positions and utilizes them to add liquidity by calling the mint() function within the current tick range. This function is open for anyone to call.

The attacker exploited this by manipulating multiple pools and sandwiching the liquidity addition, which lacks proper slippage protection."
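
A simplified model of the issue the quoted analyses describe, added here as an example and not taken from BunniHub or Alien Base code: a permissionless compound() that re-deposits fees at whatever the pool price is at call time, beside one that checks a reference price first. The constant-product pool, the reference price (for instance a TWAP), the 50 bps tolerance and all names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

class SlippageError(Exception):
    """Pool price is too far from the reference price."""

@dataclass
class Pool:
    # Constant-product pool (x*y=k, no swap fee): a simplification assumed here.
    r0: float      # token0 reserve
    r1: float      # token1 reserve
    shares: float  # total liquidity shares

    def price(self) -> float:
        return self.r1 / self.r0  # token1 per token0

    def move_price_to(self, target: float) -> None:
        # Outside trading slides the reserves along the curve to `target`.
        k = self.r0 * self.r1
        self.r0, self.r1 = math.sqrt(k / target), math.sqrt(k * target)

    def add_liquidity(self, a0: float, a1: float):
        # Deposits at the pool's current ratio; returns (used0, used1, minted).
        frac = min(a0 / self.r0, a1 / self.r1)
        used0, used1, minted = frac * self.r0, frac * self.r1, frac * self.shares
        self.r0, self.r1, self.shares = self.r0 + used0, self.r1 + used1, self.shares + minted
        return used0, used1, minted

def compound(pool, fee0, fee1, ref_price=None, max_dev_bps=50):
    """Re-deposit collected fees; when ref_price is given, refuse a skewed pool."""
    if ref_price is not None:
        dev_bps = abs(pool.price() / ref_price - 1) * 10_000
        if dev_bps > max_dev_bps:
            raise SlippageError(f"spot price is {dev_bps:.0f} bps from reference")
    return pool.add_liquidity(fee0, fee1)

def vault_value_after(price_at_call, guarded, fair=1.0):
    """Value in token1, at the fair price, of 10 + 10 in collected fees when
    compound() runs at `price_at_call` and the pool later returns to `fair`."""
    pool, fee0, fee1, minted = Pool(1000.0, 1000.0, 1000.0), 10.0, 10.0, 0.0
    pool.move_price_to(price_at_call)
    try:
        used0, used1, minted = compound(pool, fee0, fee1, fair if guarded else None)
        fee0, fee1 = fee0 - used0, fee1 - used1
    except SlippageError:
        pass  # the call reverts and the fees stay uncompounded
    pool.move_price_to(fair)
    share = minted / pool.shares
    return (fee0 + share * pool.r0) * fair + fee1 + share * pool.r1
```

With the pool at 0.25 when the unguarded call runs, the 20 units of fee value are worth 17.5 once the price returns to 1.0; the guarded call reverts and keeps all 20.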

Total Amount Lost

CertiK reports "a ~$27K loss". TenArmor reports "an approximately loss of $38K". SlowMist reports "a loss of approximately $38,000". BlockSec reports that "the loss in each transaction is small" but doesn't provide a total.

The total amount lost has been estimated at $38,000 USD.

Immediate Reactions

"BunniHub of @alienbasedex on base was attacked with multiple transactions. Though the loss in each transaction is small, it still shows the vulnerabilities existing in the smart contract."

Ultimate Outcome

The incident does not appear to be mentioned on Alien Base Twitter, although other exploits are mentioned there.

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. @SlowMist_Team Twitter (Accessed Feb 14, 2025)
  2. Alien Base | Linktree (Accessed Feb 14, 2025)
  3. Alien Base (Accessed Feb 14, 2025)
  4. Alien Base Docs | Alien Base (Accessed Feb 14, 2025)
  5. @CertiKAlert Twitter (Accessed Feb 14, 2025)
  6. @Phalcon_xyz Twitter (Accessed Feb 14, 2025)
  7. https://www.coingecko.com/en/coins/alienbase (Accessed Feb 14, 2025)
  8. Base Transaction Hash (Txhash) Details | BaseScan (Accessed Feb 14, 2025)
  9. @TenArmorAlert Twitter (Accessed Feb 14, 2025)
  10. @TenArmorAlert Twitter (Accessed Feb 14, 2025)
  11. Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Feb 14, 2025)