August 30, 2023

Base sets off Onchain Summer. What opportunities and risks are there?



On August 9, Coinbase officially launched the Base mainnet. As a new Layer 2 network, Base inherits the security of Ethereum while providing users with faster and cheaper transactions. To support the mainnet launch, Coinbase held the Onchain Summer Web3 festival over several weeks. Coca-Cola, Nouns DAO and other projects issued NFTs on Base. DeFi and social applications such as Friend.tech also gained much attention, attracting more than $190 million in funds to Base.


On August 25, the developers of Base and Optimism network jointly announced a revenue-sharing and governance-sharing agreement. According to the post, Base’s smart contracts can only be upgraded through a 2/2 multi-signature wallet. One signature is controlled by Base and the other is controlled by the Optimism network team (called the “Optimism Foundation”). As more and more chains choose to use OP Stack and become part of Optimism “superchain”, governance will be handed over to a “Security Committee” composed of representatives of all chains of the ecosystem.


Discussion of Base has clearly been intense, but amid this boom we have also found that security incidents on the Base chain are gradually increasing and that Rug pulls keep emerging, which is exactly why Beosin continues to pay attention to the security of new public chains. Let us look at the opportunities and security risks you face on the Base network today.


Architecture of Base network

Base is a Layer 2 network built on the Bedrock version of the OP Stack. Bedrock is a modular network architecture divided into six layers, and Base follows the same architecture with slight differences from Optimism:


1. Data Availability Layer

The data availability layer of Base, like that of Optimism, uses Ethereum. Currently, Base can use Ethereum calldata and events, and it will support EIP-4844 data blobs in the future.


2. Sequencing Layer

The sequencing layer of Base is a single sequencer: Coinbase is currently the only sequencer on the Base network. This means Coinbase is the only entity validating, executing and ordering transactions on the network. This is also the main source of revenue for Coinbase on the Base network. Since the Base mainnet went live, Coinbase has earned approximately $2.6 million from its sequencer.


3. Derivation Layer

The derivation layers of Base and Optimism are basically the same. The derivation layer defines how to process the raw data of the data availability layer: it parses the raw input data according to the current state of the system in the execution layer.


4. Execution Layer

The execution layers of Base and Optimism are basically the same, and op-geth is responsible for executing transactions. op-geth is an EVM execution module modified by the Optimism team. It mainly adds support for L2 transactions initiated on the Ethereum network and the calculation of gas required for publishing transactions on Ethereum.


5. Settlement Layer

The settlement layer of Base and Optimism currently adopts a single Attestation-based fraud proof, which will be replaced by the Cannon interactive fraud proof developed by Optimism in the future to conduct multiple rounds of off-chain interaction to resolve disputes.


6. Governance Layer

The governance layer of Base uses multi-signature contracts, while Optimism uses multi-signature contracts and the governance token $OP. Upgrades to the Base network are currently decided by a 2/2 Gnosis Safe multi-signature contract (0x2304CB33d95999dC29f4CeF1e35065e670a70050). The two owners of this contract are themselves multi-signature contracts: a 5/7 multi-signature contract (0x28EDB11394eb271212ED66c08f2b7893C04C5D65) and a 3/6 multi-signature contract (base:0xd94E416cf2c7167608B2515B7e4102B41efff94f), an arrangement intended to ensure the security of the Base network. In the future, Base, as part of the OP superchain, will transfer multi-signature governance authority to a security council composed of community members distributed around the world, based on the “Law of Chains” governance framework proposed by Optimism. The council will be responsible for upgrades to the OP superchain.
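The nested 2/2 over 5/7 and 3/6 arrangement described above can be modeled to see how many individual keys must sign (or be compromised) to approve an upgrade, and how few lost keys would block one. This is an added example, not Base's or Safe's code; the owner labels are constructed, and it assumes no key is shared between the two inner multisigs.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Safe:
    """Threshold multisig whose owners are key labels (str) or nested Safes."""
    name: str
    threshold: int
    owners: tuple

    def approves(self, signed_keys):
        # An owner counts as approving if its key signed, or, for a nested
        # Safe, if that Safe's own threshold is met by the signed keys.
        votes = sum(
            o.approves(signed_keys) if isinstance(o, Safe) else o in signed_keys
            for o in self.owners
        )
        return votes >= self.threshold

    def _cheapest(self, cost_of, how_many):
        costs = sorted(cost_of(o) if isinstance(o, Safe) else 1 for o in self.owners)
        return sum(costs[:how_many])

    def min_keys_to_approve(self):
        # Fewest individual keys that can push a transaction through.
        return self._cheapest(Safe.min_keys_to_approve, self.threshold)

    def min_keys_to_block(self):
        # Fewest lost or refusing keys that make the threshold unreachable.
        need = len(self.owners) - self.threshold + 1
        return self._cheapest(Safe.min_keys_to_block, need)


# Constructed owner labels; the real owner addresses are not on this page.
SAFE_5_OF_7 = Safe("5/7", 5, tuple(f"a{i}" for i in range(7)))
SAFE_3_OF_6 = Safe("3/6", 3, tuple(f"b{i}" for i in range(6)))
BASE_UPGRADE = Safe("2/2", 2, (SAFE_5_OF_7, SAFE_3_OF_6))

if __name__ == "__main__":
    print("keys needed to upgrade:", BASE_UPGRADE.min_keys_to_approve())
    print("keys lost to block upgrades:", BASE_UPGRADE.min_keys_to_block())
```

Under these assumptions an upgrade needs 5 + 3 = 8 distinct signers, while losing 3 keys of the 5/7 multisig is enough to stall upgrades, which is the availability cost of a 2/2 root.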


The architecture of Base is summarized as follows:


Opportunities and Risks in Base Network

Currently, the number of Base ecological projects has exceeded 100, including but not limited to DeFi, cross-chain bridges, wallets, oracles, node providers, etc. Among them, Base’s native DeFi projects account for a large proportion of TVL and trading volume.



DeFi

1. BaseSwap

BaseSwap is currently the DEX with the highest locked-up amount on Base, with a current TVL of over $50 million, providing users with exchanges, liquidity mining and NFT transactions. However, BaseSwap has not yet been listed on the official Base website, and users should be aware of the risks of interacting with it.


2. Alien Base

Alien Base is currently the DEX with the second highest locked-up amount on Base, with a current TVL of over $21 million. Alien Base’s liquidity mining program allows users to provide liquidity and stake LP tokens to earn ALB tokens and platform revenue. Alien Base has also not been listed on the official Base website, and users should be aware of the risks of interacting with it.


SocialFi

1. Friend.tech

Friend.tech is a star project of the Base network, and it has been used by more than 100,000 users within two weeks of its official launch. Friend.tech’s positioning is to tokenize users’ influence. Users can purchase “Shares” of other users to gain the permission to communicate directly with other users. The current trading volume of Shares has exceeded US$34 million. Friend.tech and the peripheral products built around Friend.tech are worthy of attention.


At the same time, we need to pay attention to the privacy and security issues of Friend.tech. On the afternoon of August 21, Friend.tech caused the leakage of wallet addresses and Twitter account related information of 101,183 users due to its own API design problems. Beosin has previously analyzed this information in detail.


2. CyberConnect

Web3 social application CyberConnect announced that CyberAccount has been launched on Base, introducing account abstraction supported by ERC-4337 into the Base network.


Rug pulls are increasing on the Base network. How can users avoid them?

When the Base mainnet was first launched, a Meme token called $BALD pumped 1000X overnight, attracting the attention of most traders in the market, but then crashed within a few seconds. The Base network is currently very popular, but many projects do not disclose audit reports or team information, and many Rug pulls have occurred.


On July 31, the Beosin EagleEye security risk monitoring, early warning and blocking platform, a subsidiary of the blockchain security audit company Beosin, showed that the BALD token contract on the Base chain had a Rug pull.


On August 1, a flash loan attack occurred on the leetswap project on the Base chain. The attack mainly used the _transferFeesSupportingTaxTokens function in the pair contract. Anyone could call this function to transfer axlUSD out of the pair contract, causing the token price to rise. The attacker could then sell tokens for profit.
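Why an unrestricted fee-transfer function matters can be seen in a simplified constant-product pool, shown beside the access-controlled form a project would test for. This is an added example, not leetswap's code: the Pair class, the balances and the caller labels are constructed, fees are ignored, and the price is read directly from the pool balances.

```python
PAIR = "pair"  # constructed label: the only caller the guarded pool accepts


class Pair:
    """Toy two-token pool; the price of X in Y is balance_y / balance_x."""

    def __init__(self, balance_x, balance_y, guarded):
        self.balance_x = balance_x
        self.balance_y = balance_y
        self.guarded = guarded

    def transfer_fees(self, caller, amount_x):
        """Moves X out of the pool, as a fee-forwarding helper would."""
        if self.guarded and caller != PAIR:
            raise PermissionError("fee transfer is internal to the pair")
        if amount_x > self.balance_x:
            raise ValueError("amount exceeds pool balance")
        self.balance_x -= amount_x

    def swap_x_for_y(self, amount_x):
        """Constant-product swap (no fee); returns the Y paid out."""
        k = self.balance_x * self.balance_y
        new_x = self.balance_x + amount_x
        out_y = self.balance_y - k / new_x
        self.balance_x, self.balance_y = new_x, self.balance_y - out_y
        return out_y


def y_received_after_outsider_fee_call(guarded):
    """An outside account calls transfer_fees, then sells 10 X into the pool."""
    pool = Pair(balance_x=1000, balance_y=1000, guarded=guarded)
    try:
        pool.transfer_fees(caller="outsider", amount_x=900)
    except PermissionError:
        pass  # the guarded pool rejects the call; balances are unchanged
    return pool.swap_x_for_y(10)


if __name__ == "__main__":
    print("unguarded:", round(y_received_after_outsider_fee_call(False), 2))
    print("guarded:  ", round(y_received_after_outsider_fee_call(True), 2))
```

A regression test of this shape, asserting that no externally callable function can lower a pool balance outside of a swap or liquidity withdrawal, is the kind of check an audit would look for.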


On August 15, the RocketSwap private key on the Base chain was leaked. On August 16, the SwirlLend project on the Base chain also had a Rug pull.


On August 25, a Rug pull occurred on Magnate Finance on the Base chain, involving approximately US$6.4 million. Beosin KYT tracking found that this deployer had “run away” with two projects in the past: the $4.8 million Rug pull scam by the Solfire project on January 23, 2022, and the $5.5 million Rug pull scam by the Kokomo Finance project on March 27, 2023.



Therefore, Beosin recommends that users conduct detailed research on the project before participating in projects to understand the relevant risks of a project. Project teams should conduct a complete security audit before going online to avoid hacking and theft of funds. Beosin has now completed the audit of Tifo.trade, a decentralized perpetual contract trading platform on the Base chain. At the same time, we also recommend that more Base projects should focus on avoiding security risks.


Conclusion

The future of Base has more possibilities and also comes with complex security challenges. With the support of Coinbase, Base is currently in a favorable position and is expected to have a long-term impact on the Layer 2 ecosystem. However, challenges such as security, competitive pressure, community development and regulation are also increasing.


Base is faced with important choices on how to respond to these challenges and seize opportunities. As a new entrant into this dynamic and competitive field, Base will be closely connected with Web3 communities and industry stakeholders in the future. Beosin will also continue to pay attention to the security risks on the Base chain and protect the entire Base ecosystem.


As a world-leading blockchain security company, Beosin has established branches in more than 10 countries and regions around the world. Its business covers code security audits before projects go online; security risk monitoring, early warning and blocking during project operation; stolen virtual currency asset recovery; security compliance KYT/AML; and other “one-stop” blockchain security products and services. The company is committed to the safe development of the Web3 ecosystem and has provided blockchain security technology services to more than 3,000 companies around the world, including HashKey Group, Amber Group, BNB Chain, etc. More than 3,000 smart contracts and public chain mainnets have been audited, including PancakeSwap, Ronin Network, OKCSwap, etc.

