Unknown attacker causes headaches during Pectra upgrade on Sepolia

An Ethereum developer says the recent Pectra upgrade of the Sepolia testnet ran into errors, which were made worse after an attacker used an “edge case” to cause the mining of empty blocks.
Pectra rolled out on its final testnet, Sepolia, at 7:29 am on March 5, but Ethereum developer Marius van der Wijden said in a March 8 post that the team immediately started seeing error messages on their geth node and empty blocks being mined.
The error occurred because the deposit contract triggered the wrong type of event — a transfer event instead of a deposit, according to van der Wijden.
A fix was rolled out, but van der Wijden says they missed one edge case, and an unknown user exploited it by sending a 0-token transfer to the deposit address, which triggered the error again.
“After a few minutes we saw a lot of empty blocks again, so we looked again into the transaction pools and found another offending transaction that triggered the same edge cases,” he said.
“First we thought that someone from the trusted validators has made a mistake, but we quickly realized that this transaction originated from a new account recently funded by the faucet.”
The ERC-20 standard does not forbid a zero-token transfer, so anyone, even someone who doesn’t own any tokens, can make a transfer to another address, which the unknown user realized, van der Wijden said.
“The only way to stop the attack would be to filter out all transactions that interact with the deposit contract. So we made the following private fix, which we deployed to a few of the DevOps nodes.”
“We suspected that the attacker was reading some of our chats, so we decided not to publicize the fix, but only update a few nodes that we controlled in order to get more full blocks on the network,” he added.
By 2 pm, all the nodes had been updated with the fix, and the unknown user’s transaction was mined successfully.
Van der Wijden said they never lost finalization during the incident, and the issue was isolated to Sepolia because they were using a token-gated deposit contract instead of the normal mainnet deposit contract.
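The event mix-up described above can be illustrated with a log filter that checks the event signature before decoding; this is an added example, not geth's code or the fix van der Wijden's team deployed. The `Log` type, `countDeposits`, the placeholder contract address and the sample logs are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

type Log struct { // pared-down receipt log (hypothetical type for this example)
	Address string   // emitting contract
	Topics  []string // Topics[0] is the event signature hash
	Data    []byte
}

const (
	depositContract = "0xDEPOSIT_CONTRACT_PLACEHOLDER" // constructed, not a real address
	depositDataLen  = 576                              // ABI-encoded DepositEvent payload, in bytes
	// keccak256("DepositEvent(bytes,bytes,bytes,bytes,bytes)"), per EIP-6110
	depositTopic  = "0x649bbc62d0e31342afea4e5cd82d4049e7e1ee912fc0889aa790803be39038c5"
	transferTopic = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef" // ERC-20 Transfer
)

var errBadDeposit = errors.New("log does not have the deposit layout")

// countDeposits decodes deposit logs. With checkTopic=false every log from the
// deposit contract is assumed to be a deposit; with checkTopic=true other events are skipped.
func countDeposits(logs []Log, checkTopic bool) (int, error) {
	n := 0
	for _, l := range logs {
		isDeposit := len(l.Topics) > 0 && l.Topics[0] == depositTopic
		if l.Address != depositContract || (checkTopic && !isDeposit) {
			continue // e.g. a 0-token Transfer emitted by a token-gated contract
		}
		if len(l.Data) != depositDataLen {
			return 0, errBadDeposit
		}
		n++
	}
	return n, nil
}

// sampleLogs is constructed input: one deposit, then one 0-token Transfer.
var sampleLogs = []Log{
	{depositContract, []string{depositTopic}, make([]byte, depositDataLen)},
	{depositContract, []string{transferTopic}, make([]byte, 32)},
}

func main() {
	_, err := countDeposits(sampleLogs, false)
	n, _ := countDeposits(sampleLogs, true)
	fmt.Println("unchecked:", err, "| topic-checked deposits:", n)
}
```

Without the topic check, the single Transfer log makes the whole batch fail; with it, the deposit is counted and the Transfer is ignored.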
Previously, the developers tested the Pectra upgrade on the Holesky testnet on Feb. 26, which also encountered issues.
As a result, the developers have decided to postpone the Pectra upgrade until more tests can be done.
The Pectra fork follows the network’s Dencun upgrade, which slashed transaction fees for layer-2 networks and improved the economics of Ethereum rollups. The Dencun hard fork rolled out on March 13, 2024.
The Ethereum Foundation recently announced a new leadership structure with two co-directors of the foundation, Hsiao-Wei Wang and Tomasz Stańczak, taking the helm.