<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=Normie_Smart_Contract_Tax_Vulnerability</id>
	<title>Normie Smart Contract Tax Vulnerability - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=Normie_Smart_Contract_Tax_Vulnerability"/>
	<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Normie_Smart_Contract_Tax_Vulnerability&amp;action=history"/>
	<updated>2026-07-14T17:54:35Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.39.1</generator>
	<entry>
		<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Normie_Smart_Contract_Tax_Vulnerability&amp;diff=6026&amp;oldid=prev</id>
		<title>Azoundria: Created page with &quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/normiesmartcontracttaxvulnerability.php}} {{Unattributed Sources}}  Normie Logo/HomepageNormies NFT is a NFT project with a goal of engaging millions of normal people onto the Base blockchain. Unfortunately, the project had a vulnerability which allowed an individual with the same balance as the team deployer wallet to execute special elevated permissions. Th...&quot;</title>
		<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Normie_Smart_Contract_Tax_Vulnerability&amp;diff=6026&amp;oldid=prev"/>
		<updated>2024-09-17T19:42:45Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/normiesmartcontracttaxvulnerability.php}} {{Unattributed Sources}}  &lt;a href=&quot;/cryptocurrencyhackscamfraudwiki/index.php?title=File:Normienft.jpg&quot; title=&quot;File:Normienft.jpg&quot;&gt;thumb|Normie Logo/Homepage&lt;/a&gt;Normies NFT is a NFT project with a goal of engaging millions of normal people onto the Base blockchain. Unfortunately, the project had a vulnerability which allowed an individual with the same balance as the team deployer wallet to execute special elevated permissions. Th...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/normiesmartcontracttaxvulnerability.php}}&lt;br /&gt;
{{Unattributed Sources}}&lt;br /&gt;
&lt;br /&gt;
[[File:Normienft.jpg|thumb|Normie Logo/Homepage]]Normies NFT is a NFT project with a goal of engaging millions of normal people onto the Base blockchain. Unfortunately, the project had a vulnerability which allowed an individual with the same balance as the team deployer wallet to execute special elevated permissions. The hacker later offered to return 90% of the funds if the project agreed to relaunch and distribute funds to affected users.&amp;lt;ref name=&amp;quot;slowmisthackedarchive-14201&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;panewslab-14234&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;normiebasetwitter-14235&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;normiebase-14236&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;coindesk-14237&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;cryptovibe-14238&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;cryptonews-14239&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;beincrypto-14240&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;basescan-14241&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;quickintelaitwitter-14242&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;lookonchaintwitter-14243&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;cryptopotato-14244&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;certik-14245&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;basescan-14246&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;cryptonews-14247&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;basescan-14248&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== About Normies ==&lt;br /&gt;
&amp;quot;ON A MISSION TO ONBOARD THE NEXT 1,000,000 $NORMIES TO BASE CHAIN.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;We are devoted to sharing our message to all the normies, and that's what the community expects from you, to help us transmit the message. May our vision be spread in a warm and human way, normie to normie.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== The Reality ==&lt;br /&gt;
This sections is included if a case involved deception or information that was unknown at the time. Examples include:&lt;br /&gt;
&lt;br /&gt;
* When the service was actually started (if different than the &amp;quot;official story&amp;quot;).&lt;br /&gt;
* Who actually ran a service and their own personal history.&lt;br /&gt;
* How the service was structured behind the scenes. (For example, there was no &amp;quot;trading bot&amp;quot;.)&lt;br /&gt;
* Details of what audits reported and how vulnerabilities were missed during auditing.&lt;br /&gt;
&lt;br /&gt;
== What Happened ==&lt;br /&gt;
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
|+Key Event Timeline - Normie Smart Contract Tax Vulnerability&lt;br /&gt;
!Date&lt;br /&gt;
!Event&lt;br /&gt;
!Description&lt;br /&gt;
|-&lt;br /&gt;
|May 25th, 2024 9:41:53 PM MDT&lt;br /&gt;
|Attack Transaction&lt;br /&gt;
|The attack transaction as later analyzed by CertiK.&lt;br /&gt;
|-&lt;br /&gt;
|May 25th, 2024 11:48:00 PM MDT&lt;br /&gt;
|Normies Tweet Posted&lt;br /&gt;
|The Normies team posts a tweet update to highlight their commitment to use 500 ETH to make the situation right.&lt;br /&gt;
|-&lt;br /&gt;
|May 26th, 2024 1:56:15 AM MDT&lt;br /&gt;
|Negotation From Hacker&lt;br /&gt;
|The exploiter reaches out on the blockchain to offer a 90% return of funds if the project will agree to relaunch and reimburse holders.&lt;br /&gt;
|-&lt;br /&gt;
|May 27th, 2024 1:33:00 AM MDT&lt;br /&gt;
|CoinDesk Article&lt;br /&gt;
|A CoinDesk article is published about the exploit.&lt;br /&gt;
|-&lt;br /&gt;
|May 27th, 2024 2:18:07 PM MDT&lt;br /&gt;
|CryptoPotato Article&lt;br /&gt;
|CryptoPotato reports on the attacker contacting the Normies team to negotiate a 90% return of funds if the project is guaranteed to relaunch.&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&amp;quot;According to community feedback, the Base ecosystem's meme coin NORMIE has been attacked. The attacker exploited a design flaw in the NORMIE token's cross-chain bridge, manipulating the price on the Base Chain using flash loans. Since transactions with NORMIE on the Base Chain incur taxes, these taxes are automatically directed to a wallet controlled by the project team. The attacker injected a large amount of funds into this wallet via flash loans, significantly diluting the token's supply and causing a flash crash in the price.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The vulnerability here is that any address receiving the same number of tokens as the deployer’s balance is added as a premarket_user. Any address in this list triggers a mint of NORMIE tokens to the contract itself.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The attacker began by swapping 171,955 NORMIE tokens for 2 WETH. Later, they swapped 5 million NORMIE. This amount corresponded with the balance of the deployer account. By swapping an amount of tokens equal to the balance of the deployer, the address of the attack contract was added to the _premarket_user list, which enabled further manipulation.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;Next, the attacker flash-loaned 11,333,141 NORMIE tokens and swapped 9,066,513 for 65.97 WETH. This exchange was part of a strategy to manipulate the token supply and consequently, value. Repeated transfers of 2,266,628 NORMIE were made to the pair, followed by a calls to the skim() function to withdraw them.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;Since the attack contract was recognized as a premarket_user, the token contract added NORMIE tokens its own address (address(this)).&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;When the balance exceeds a threshold, the swapAndLiquify mechanism is triggered to sell 4.65 million newly minted NORMIE each time.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;Finally, the attacker swapped 0.5 WETH for approximately 11,040,494 NORMIE at a lower price, which enable them to repay the flash loan of NORMIE tokens.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Total Amount Lost ==&lt;br /&gt;
SlowMist reports $490k.&lt;br /&gt;
&lt;br /&gt;
The total amount lost has been estimated at $490,000 USD.&lt;br /&gt;
&lt;br /&gt;
== Immediate Reactions ==&lt;br /&gt;
&amp;quot;PANews reported on May 26 that according to community user feedback, the price of NORMIE, the Meme coin of the Base ecosystem, plummeted by 87.3% due to a flash loan attack and is now reported at $0.005. The attacker took advantage of the design flaws of the NORMIE token cross-chain bridge to manipulate the price on the Base Chain through flash loans. Since NORMIE transactions on the Base Chain will be taxed, the tax will automatically go to the wallet controlled by the project party. The attacker injected a large amount of funds into the wallet through flash loans, thereby greatly diluting the token supply and causing the price to crash. Some users said that NORMIE has a vulnerability that allows attackers to mint new tokens. The total supply has now reached 214% of the theoretical maximum supply.&lt;br /&gt;
&lt;br /&gt;
At present, the NORMIE team said that there are more than 500 ETH in its deployment wallet, which will be used to solve this problem. The team is actively contacting key partners to seek solutions and calls on users not to buy NORMIE tokens until further confirmation. The NORMIE team said that they are still deciding whether to restart or fork the project and will provide more updates as soon as possible.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Ultimate Outcome ==&lt;br /&gt;
&amp;quot;In an on-chain message to Normie’s deployer address on May 26, the hacker offered to return 90% of the stolen NORMIE tokens, stipulating that the remaining 10% be kept as a bug bounty with no reprisals.&lt;br /&gt;
&lt;br /&gt;
The hacker also demanded that the stolen funds, along with the 600 ETH worth approximately $3,900 in the team’s dev wallet, be used to launch a new token to reimburse NORMIE holders.&lt;br /&gt;
&lt;br /&gt;
“We will have to re-launch, yes,” stated Normie’s team via a newly established X account following the suspension of their main one. “That will come after we get our main Twitter account back and after we get the funds from the exploiter,” Normie added. However, the temporary account was also suspended shortly after that.&lt;br /&gt;
&lt;br /&gt;
Meanwhile, the hacker wouldn’t compromise on their strict terms, insisting that a token relaunch must precede the return of funds. “The dev wallet made significantly more than I did during this exploit, and I have no other way to ensure that those funds are used appropriately,” they stated in another on-chain message.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
A bounty of $49,000 USD was paid for the discovery.&lt;br /&gt;
&lt;br /&gt;
== Total Amount Recovered ==&lt;br /&gt;
The total amount recovered has been estimated at $441,000 USD.&lt;br /&gt;
&lt;br /&gt;
What funds were recovered? What funds were reimbursed for those affected users?&lt;br /&gt;
&lt;br /&gt;
== Ongoing Developments ==&lt;br /&gt;
What parts of this case are still remaining to be concluded?&lt;br /&gt;
== Individual Prevention Policies ==&lt;br /&gt;
{{Prevention:Individuals:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Individuals:End}}&lt;br /&gt;
&lt;br /&gt;
== Platform Prevention Policies ==&lt;br /&gt;
{{Prevention:Platforms:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Platforms:End}}&lt;br /&gt;
&lt;br /&gt;
== Regulatory Prevention Policies ==&lt;br /&gt;
{{Prevention:Regulators:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Regulators:End}}&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&amp;lt;references&amp;gt;&amp;lt;ref name=&amp;quot;slowmisthackedarchive-14201&amp;quot;&amp;gt;[https://web.archive.org/web/20240528162707/https://hacked.slowmist.io/ SlowMist Hacked - SlowMist Zone] (Jun 10, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;panewslab-14234&amp;quot;&amp;gt;[https://www.panewslab.com/zh/sqarticledetails/xes9udaz.html Base生态Meme币NORMIE因遭受攻击价格暴跌，团队称其部署钱包中有超500 ETH将用于解决此问题 - PANews] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;normiebasetwitter-14235&amp;quot;&amp;gt;[https://twitter.com/NormieBase/status/1794606439677186064 @NormieBase Twitter] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;normiebase-14236&amp;quot;&amp;gt;[https://normiebase.com/ normie] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;coindesk-14237&amp;quot;&amp;gt;[https://www.coindesk.com/markets/2024/05/27/normie-dumps-99-as-attacker-calls-meme-coins-tax-contract-a-copy-paste-job/ Normie Token Price Dumps 99% as Attacker Calls Meme Coin’s Tax Contract a 'Copy-Paste' Job] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;cryptovibe-14238&amp;quot;&amp;gt;[https://cryptovibe.co/exploit-in-normie-coin-caused-a-rug-pull-using-flashloan-attack/ Exploit in Normie Coin caused a rug pull using Flashloan Attack - Crypto Vibe] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;cryptonews-14239&amp;quot;&amp;gt;[https://cryptonews.com/news/normie-team-negotiates-90-fund-return-after-41-7m-market-cap-plunge.htm https://cryptonews.com/news/normie-team-negotiates-90-fund-return-after-41-7m-market-cap-plunge.htm] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;beincrypto-14240&amp;quot;&amp;gt;[https://beincrypto.com/normie-meme-coin-base-exploit/ https://beincrypto.com/normie-meme-coin-base-exploit/] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;basescan-14241&amp;quot;&amp;gt;[https://basescan.org/tx/0x587f14b7ffb30b5013ab0db02e9bc94183817ef34c24a9595f33277e752f81eb Base Transaction Hash (Txhash) Details | BaseScan] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;quickintelaitwitter-14242&amp;quot;&amp;gt;[https://twitter.com/quickintel_ai/status/1794780977073697093 @quickintel_ai Twitter] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;lookonchaintwitter-14243&amp;quot;&amp;gt;[https://twitter.com/lookonchain/status/1794680619177521537 @lookonchain Twitter] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;cryptopotato-14244&amp;quot;&amp;gt;[https://cryptopotato.com/normie-token-plummets-99-after-smart-contract-exploit/ Normie Token Plummets 99% After Smart Contract Exploit] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;certik-14245&amp;quot;&amp;gt;[https://www.certik.com/resources/blog/normie-incident-analysis https://www.certik.com/resources/blog/normie-incident-analysis] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;basescan-14246&amp;quot;&amp;gt;[https://basescan.org/tx/0xa618933a0e0ffd0b9f4f0835cc94e523d0941032821692c01aa96cd6f80fc3fd Base Transaction Hash (Txhash) Details | BaseScan] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;cryptonews-14247&amp;quot;&amp;gt;[https://cryptonews.com/news/normie-memecoin-project-fires-intern-over-offensive-video-apologizes-for-content.htm https://cryptonews.com/news/normie-memecoin-project-fires-intern-over-offensive-video-apologizes-for-content.htm] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;basescan-14248&amp;quot;&amp;gt;[https://basescan.org/address/0xd8056b0f8aa2126a8db6f0b3109fe9127617beb2 Normie: Deployer | Address 0xd8056b0f8aa2126a8db6f0b3109fe9127617beb2 | BaseScan] (Jun 12, 2024)&amp;lt;/ref&amp;gt;&amp;lt;/references&amp;gt;&lt;/div&gt;</summary>
		<author><name>Azoundria</name></author>
	</entry>
</feed>