The value of NORMIE plummeted 99% within minutes after an exploiter took advantage of a flaw in its smart contract. According to one developer’s analysis, the so-called attack has all the makings of an inside job.
Posted May 27, 2024 at 2:13 am EST.
Normie, a memecoin built on the Ethereum layer 2 network Base, shed $40 million off its market cap after an exploit increased its token supply.
According to analysis from pseudonymous crypto trader and developer “@ProfoundWatcher” on X, the exploiter took advantage of a flaw in the Normie smart contract, which allowed them to mint extra tokens.
Inside the transfer function (the function which is called anytime a token is transferred), there’s a bit of code that
1. Checks if the transfer is a buy
2. Checks if the recipient has sufficient approval (more on this later)
And if it passes both those mints extra tokens to…
— Profound Watcher (@ProfoundWatcher) May 26, 2024
The developer found that the piece of code that allows this to happen has no reason to be included in the contract. The exploiter was able to buy 5 million tokens, give themselves the required permissions and then use a flash loan to fill up the contract account endlessly until they could drain it.
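The flaw described above breaks a basic token invariant: a transfer should move existing tokens and never change total supply. As an added example (not code from the Normie contract or from the analysis), this simplified Python ledger checks that invariant against a flawed and a fixed transfer; the address names, the `privileged` set standing in for the approval check, and the mint destination are assumptions, since the quoted post is truncated.

```python
# Simplified ledger model; every name and condition here is an assumption.
POOL, CONTRACT = "pool", "token_contract"   # hypothetical addresses

class FlawedToken:
    """Transfer with a mint side effect, modelled on the description above."""
    def __init__(self, balances, privileged=()):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())
        self.privileged = set(privileged)   # stands in for the "approval" check

    def _mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount

    def _after_move(self, sender, recipient, amount):
        # Buy (tokens leave the pool) to a recipient passing the check: extra mint.
        if sender == POOL and recipient in self.privileged:
            self._mint(CONTRACT, amount)

    def transfer(self, sender, recipient, amount):
        if amount < 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        self._after_move(sender, recipient, amount)

class FixedToken(FlawedToken):
    """Same ledger, but a transfer only moves existing tokens."""
    def _after_move(self, sender, recipient, amount):
        pass

def supply_violations(token_cls):
    """Run constructed transfers; return those that changed total supply."""
    token = token_cls({POOL: 1_000, "alice": 100, "bob": 0, CONTRACT: 0},
                      privileged={"bob"})
    cases = [("alice", "bob", 10), (POOL, "alice", 50), (POOL, "bob", 50)]
    bad = []
    for sender, recipient, amount in cases:
        before = token.total_supply
        token.transfer(sender, recipient, amount)
        # Invariant: supply is unchanged and equals the sum of balances.
        if token.total_supply != before or sum(token.balances.values()) != before:
            bad.append((sender, recipient, amount))
    return bad

if __name__ == "__main__":
    print("flawed:", supply_violations(FlawedToken))
    print("fixed: ", supply_violations(FixedToken))
```

The same property, written as a fuzz or invariant test against the real contract before deployment, flags any code path in the transfer function that mints.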
When one user asked whether this pointed to the exploit potentially being an inside job, Profound Watcher noted that it was “almost certain it’s someone involved with the team or whoever wrote the contract” unless it was a fork of some other project.
At the time of writing, Normie’s official X account had been suspended, but the project’s website was still up and running.
Centralized crypto exchange LBank also noted that it had encountered an unusual number of NORMIE tokens that were possibly linked to the exploit.
Interestingly, messages encoded in blockchain transactions show that the Normie exploiter address reached out to the project’s deployer wallet address offering to return 90% of the exploited funds on the condition that the team uses 600 ETH in the developer wallet to fairly launch a new token to reimburse holders.
“Exploiter, we accept your offer to return 90% of the exploited ETH. You may keep 10%, no reprisals. All ETH from the normie dev wallet will be used to rectify this situation and assist our relaunch,” said the Normie team on X before its account was suspended.