An unknown attacker prompted Ethereum developers to roll out a “private fix” as the network struggled with technical problems during the Pectra upgrade on the Sepolia test network.
In a post-incident report, Ethereum developer Marius van der Wijden revealed that the attacker exploited an overlooked “edge case”, repeatedly triggering errors with zero-token transfers to the deposit contract and further complicating an already troubled rollout.
What happened?
On March 5, the Pectra upgrade went live on Sepolia, but almost immediately developers started seeing error messages on their Geth nodes, along with an increase in empty blocks being mined.
According to Van der Wijden, the problem stemmed from the deposit contract emitting an unexpected event (a transfer event instead of the required deposit event), which caused nodes to reject transactions and produce only empty blocks.
The bug was linked to EIP-6110, which required all logs from the deposit contract to be processed uniformly.
The Geth team rolled out a fix that would “ignore all the faulty logs that came from the deposit contract”, but developers reportedly overlooked a specific edge case in the ERC-20 standard.
“The ERC20 standard does not prohibit 0-token transfers; because of this, someone (even if they do not have tokens) can transfer 0 tokens to another address, which will broadcast an event,” explained Van der Wijden, adding that an “attacker” took advantage of this by repeatedly sending zero-token transfers to the deposit contract.
This triggered the same error and kept the network producing empty blocks.
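The failure mode described above can be modelled in a few lines. This is an added example, not Geth's code and not taken from the incident report: the `Log` type, `countDeposits`, and the placeholder contract address are hypothetical, while the two topic constants are the standard keccak256 signature hashes of `DepositEvent(bytes,bytes,bytes,bytes,bytes)` and `Transfer(address,address,uint256)`. It contrasts selecting deposit logs by contract address alone with selecting by address and event signature, using a constructed zero-value Transfer log.

```go
package main

import (
	"errors"
	"fmt"
)

// Log is a simplified, hypothetical model of an EVM log (not Geth's types.Log).
type Log struct {
	Address, Topic0 string // emitting contract; keccak256 of the event signature
	Data            []byte
}

const (
	depositContract   = "0xDEPOSIT_CONTRACT_PLACEHOLDER" // placeholder address
	depositEventTopic = "0x649bbc62d0e31342afea4e5cd82d4049e7e1ee912fc0889aa790803be39038c5"
	transferTopic     = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
	depositDataLen    = 576 // length of an ABI-encoded DepositEvent payload
)

var errBadDeposit = errors.New("log from deposit contract is not a valid DepositEvent")

// countDeposits counts deposit logs. With byTopic=false every log emitted by the
// contract must be a deposit; with byTopic=true other event types are skipped.
func countDeposits(logs []Log, byTopic bool) (int, error) {
	n := 0
	for _, l := range logs {
		if l.Address != depositContract || (byTopic && l.Topic0 != depositEventTopic) {
			continue
		}
		if l.Topic0 != depositEventTopic || len(l.Data) != depositDataLen {
			return 0, errBadDeposit // one unexpected log fails the whole block
		}
		n++
	}
	return n, nil
}

// sampleLogs is constructed input: one deposit, then a zero-value ERC-20 Transfer.
var sampleLogs = []Log{
	{depositContract, depositEventTopic, make([]byte, depositDataLen)},
	{depositContract, transferTopic, make([]byte, 32)}, // 32 zero bytes: value 0
}

func main() {
	_, strictErr := countDeposits(sampleLogs, false)
	n, err := countDeposits(sampleLogs, true)
	fmt.Println("address only:", strictErr, "| address and topic:", n, err)
}
```

Because a zero-value transfer needs no token balance, any account can cause the second log to appear, so a parser that trusts everything emitted by the contract address can be made to fail by anyone.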
Initially, developers suspected that a trusted validator had made a mistake, but after investigation they traced the issue to a newly funded account from a public faucet.
To stop the attack, developers had to filter transactions that interact with the deposit contract. However, they suspected that the attacker was monitoring their chats, so they rolled out a “private fix” to select DevOps nodes that controlled around 10% of the network.
After the fix was deployed, nodes resumed producing full blocks, and the chain was functioning normally at 14:00 UTC. A few blocks later, the attacker's transaction was successfully mined, which confirmed that all node operators had updated.
Despite the disruptions, Ethereum “never lost finality”, and the issue was limited to Sepolia, because the token-gated deposit contract differed from the Ethereum mainnet deposit contract, according to Van der Wijden.
Nevertheless, developers have decided to postpone the Pectra upgrade for further testing and error detection.
What is Ethereum’s Pectra upgrade?
The Pectra fork is designed to improve ETH staking, improve layer-2 scalability, and expand network capacity. It introduces 11 Ethereum Improvement Proposals (EIPs) and marks the first major upgrade since Dencun, which went live in March 2024.
As previously reported by crypto.news, developers were planning to implement Pectra on mainnet on 8 April, provided that both the Holesky and Sepolia testnets successfully completed their upgrades.
The upgrade was first implemented on the Holesky testnet on 24 February, where it also encountered technical issues that prevented finality.