Unknown attacker causes headaches during Pectra upgrade on Sepolia
An Ethereum developer says the recent Pectra upgrade on the Sepolia testnet encountered errors, which were aggravated after an attacker used an edge case to cause empty blocks to be mined.
Pectra was deployed on its final testnet, Sepolia, at 7:29 am on March 5, but Ethereum developer Marius van der Wijden said in an article on March 8 that the team immediately started to see error messages on their Geth node and empty blocks being mined.
The error was that the deposit contract emitted the wrong type of event – a transfer event instead of a deposit event, according to van der Wijden.
A fix was deployed, but van der Wijden says they missed an edge case, and an unknown user exploited it by sending a 0-token transfer to the deposit address, which triggered the error again.
“After a few minutes, we saw a lot of empty blocks, so we examined the transaction pools and found another offending transaction that triggered the same edge case,” he said.
Source: Marius van der Wijden
“We first thought that some of the trusted validators had made a mistake, but we quickly realized that this transaction came from a new account recently funded from the faucet.”
The ERC-20 standard does not prohibit a transfer of zero tokens; this allows anyone, even if they do not hold any tokens, to transfer to another address, which is what the unknown user did, said van der Wijden.
“The only way to stop the attack would be to filter all the transactions that interact with the deposit contract. We therefore made the following private fix, which we deployed on some of the DevOps nodes.”
“We suspected that the attacker was reading some of our chats, so we decided not to make the fix public, but to update only a few nodes that we controlled in order to get more full blocks on the network,” he added.
Source: Marius van der Wijden
By 2 p.m., all the nodes had been updated with the fix, and the unknown user's transaction was successfully mined.
Van der Wijden said that they never lost finality during the incident, and that the problem was isolated to Sepolia because it uses a token-gated deposit contract instead of the normal mainnet deposit contract.
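Why the event type matters, as an added example (not code from Geth or from van der Wijden's post): it assumes the client collected deposit logs by contract address alone, and it reduces decoding to a length check. The `Log` type, the address placeholder and the sample logs are constructed for illustration; the two topic constants are the standard signature hashes of `DepositEvent` and the ERC-20 `Transfer` event.

```go
package main

import (
	"errors"
	"fmt"
)

// Log is a simplified receipt log (hypothetical type, not a client's real one).
type Log struct {
	Address string
	Topics  []string
	Data    []byte
}

const (
	depositAddr   = "0xDEPOSIT_CONTRACT_PLACEHOLDER"                                     // placeholder address
	depositTopic  = "0x649bbc62d0e31342afea4e5cd82d4049e7e1ee912fc0889aa790803be39038c5" // DepositEvent topic0
	transferTopic = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef" // ERC-20 Transfer topic0
	depositLen    = 576                                                                  // bytes of ABI-encoded DepositEvent data
)

// CountDeposits: with checkTopic=false every log from the deposit contract must
// decode as a deposit (assumed pre-fix logic); with true, other events are skipped.
func CountDeposits(logs []Log, checkTopic bool) (n int, err error) {
	for _, l := range logs {
		notDeposit := len(l.Topics) == 0 || l.Topics[0] != depositTopic
		if l.Address != depositAddr || (checkTopic && notDeposit) {
			continue
		}
		if len(l.Data) != depositLen {
			return 0, errors.New("malformed deposit log") // block would be rejected
		}
		n++
	}
	return n, nil
}

// SampleLogs is constructed input: one deposit and one zero-value Transfer.
func SampleLogs() []Log {
	return []Log{
		{depositAddr, []string{depositTopic}, make([]byte, depositLen)},
		{depositAddr, []string{transferTopic}, make([]byte, 32)},
	}
}

func main() {
	fmt.Println(CountDeposits(SampleLogs(), false))
	fmt.Println(CountDeposits(SampleLogs(), true))
}
```

A log that carries the deposit topic but has the wrong length still fails in both modes, so the topic check narrows what is parsed without relaxing validation of real deposits.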
Developers previously tested the Pectra upgrade on the Holesky testnet on February 26, which also encountered problems.
Consequently, the developers have decided to postpone the Pectra upgrade until more tests can be carried out.
The Pectra fork follows the Dencun network upgrade, which reduced transaction costs for layer-2 networks and improved the economics of Ethereum rollups. The Dencun hard fork was deployed on March 13, 2024.
The Ethereum Foundation recently put in place a new leadership structure with two co-directors, Hsiao-Wei Wang and Tomasz Stańczak, taking the helm.