Exploit in Normie Coin caused a rug pull using Flashloan Attack

Photo of author

By aghaasadharoon


Normie Coin ($NORMIE) has recently been at the centre of a significant exploit that has rattled its community. The exploit, discovered and detailed by Profound Watcher on Twitter, highlights vulnerabilities in the token’s smart contract. This article delves into the specifics of the exploit, the methods used by the attacker, and the broader implications for $NORMIE and other similar tokens.

Understanding the Exploit

The exploit revolves around using flash loans to manipulate the token pool, ultimately draining its value to zero. Flashloans allow users to borrow large sums of cryptocurrency without collateral, provided the loan is repaid within the same transaction. This capability is often used in arbitrage opportunities but can also be exploited for malicious purposes.

Critical Steps in the Exploit:

  1. Acquisition of Tokens: The attacker bought 5 million $NORMIE tokens, which triggered the permissions needed for the exploit.
  2. Granting Permissions: By purchasing a specific amount of tokens, the attackers granted themselves permissions usually reserved for premarket users.
  3. Flashloan Execution: Using a flashloan, the attacker endlessly filled the contract address (CA) with tokens, draining its liquidity.
  4. Zero Value Pool: This manipulation left the pool at essentially zero value, enabling the attacker to buy up tokens at no cost and sell them as others bought the dip.

Technical Breakdown

The exploit takes advantage of a specific $NORMIE intelligent contract function. Profound Watcher provided a detailed analysis of this function, which checks if a recipient address is already a premarket user. If not, it verifies if the amount being bought matches the amount in the team wallet. If these conditions are met, the recipient is granted premarket user permissions.

Critical Code Snippet:


_get_premarket_user(address _address, uint256 amount) internal {
premarket_user[_address] = !premarket_user[_address] ? (amount == balanceOf(teamWalletAddress)) : premarket_user[_address];

This piece of code inadvertently allowed the attacker to repeatedly grant themselves permissions by matching their purchase amount to the team wallet’s balance, leading to continuous token minting.

Impact on $NORMIE

The immediate impact of this exploit was a catastrophic drop in $NORMIE’s value, as evidenced by the sharp decline in its price chart. The liquidity drain caused panic among investors, many of whom sold their holdings, exacerbating the token’s plummet.

Price Chart Analysis: The chart provided by TradingView shows a dramatic drop, highlighting the moment the exploit was executed and the subsequent panic sell-off. This event underscores the importance of robust intelligent contract security and the potential risks associated with flash loans.

Lessons and Future Precautions

This incident with $NORMIE highlights several critical lessons for the cryptocurrency community:

  1. Smart Contract Audits: Regular and thorough audits by reputable firms can help identify vulnerabilities before they are exploited.
  2. Flashloan Risks: While flashloans offer benefits, they also pose significant risks. Developers need to consider these risks and implement safeguards.
  3. Community Vigilance: Active monitoring and quick response from the community and developers can mitigate damage during an exploit.


The recent exploit of Normie Coin serves as a stark reminder of the vulnerabilities in decentralized finance (DeFi). As the space evolves, developers and investors must remain vigilant, ensuring robust security measures are in place. This incident, while detrimental, provides valuable lessons for the future, emphasizing the need for continuous improvement in smart contract security.

For further updates and detailed analysis, follow Profound Watcher on Twitter.