If the attack is working by essentially flooding Basecamp's network links until they reach capacity, then yes, it could. CloudFlare could simply filter out malicious traffic and only pass on legit requests to Basecamp.
That's obviously very much dependent on the kind of attack and whether CloudFlare has more network capacity than Basecamp (which I would imagine is highly likely).
That's obviously very much dependent on the kind of attack and whether CloudFlare has more network capacity than Basecamp (which I would imagine is highly likely).