An unknown attacker prompted Ethereum developers to deploy a “private fix” while the network was facing technical problems during the Pectra upgrade on the Sepolia testnet.
In a post-incident report, Ethereum developer Marius Van der Wijden revealed that the attacker exploited an overlooked “edge case”, repeatedly triggering errors by sending zero-token transfers to the deposit contract, further complicating an already troubled deployment.
What happened?
On March 5, the Pectra upgrade went live on Sepolia, but almost immediately developers began to see error messages on their Geth nodes, along with an increase in empty blocks being mined.
According to Van der Wijden, the issue came from the deposit contract emitting an unexpected event, a Transfer event instead of the required Deposit event, which made the nodes reject the transactions and produce only empty blocks.
The bug was linked to EIP-6110, which required that all logs from the deposit contract be treated uniformly.
The Geth team deployed a fix which “would ignore all the erroneous logs from the deposit contract”, but the developers overlooked a specific case in the ERC-20 standard.
“The ERC20 standard does not prohibit the transfer of 0 tokens, which allows anyone (even if they do not have any tokens) to transfer 0 tokens to another address, which will emit an event,” said Van der Wijden, adding that an “attacker” took advantage of this by repeatedly sending zero-token transfers to the deposit contract.
This triggered the same error and caused the network to produce empty blocks.
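A simplified model of the failure and of the log filtering described above, added here as an illustration; it is not Geth's code and not taken from the post-incident report. The `Log` type, `ParseDeposits`, the placeholder addresses and the sample logs are assumptions, while the two topic constants are the keccak256 hashes of the standard event signatures.

```go
package main

import "errors"

// Log is a simplified stand-in for an execution-layer log (assumption, not Geth's type).
type Log struct {
	Address string
	Topics  []string // Topics[0] is the keccak256 hash of the event signature
}

const (
	depositContract = "0xDEPOSIT_CONTRACT"                                                 // placeholder address
	depositTopic    = "0x649bbc62d0e31342afea4e5cd82d4049e7e1ee912fc0889aa790803be39038c5" // DepositEvent(bytes,bytes,bytes,bytes,bytes)
	transferTopic   = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef" // Transfer(address,address,uint256)
)
var ErrNotDeposit = errors.New("log from deposit contract is not a deposit event")

// ParseDeposits counts deposit events in a block's logs. strict=true treats every deposit
// contract log as a deposit, so one Transfer log fails; strict=false skips other events.
func ParseDeposits(logs []Log, strict bool) (deposits, skipped int, err error) {
	for _, l := range logs {
		if l.Address != depositContract {
			continue // logs from other contracts are never deposits
		}
		if len(l.Topics) > 0 && l.Topics[0] == depositTopic {
			deposits++
			continue
		}
		if strict {
			return 0, 0, ErrNotDeposit
		}
		skipped++
	}
	return deposits, skipped, nil
}

// SampleLogs is constructed input: a deposit, a zero-value Transfer, an unrelated log.
func SampleLogs() []Log {
	return []Log{
		{depositContract, []string{depositTopic}},
		{depositContract, []string{transferTopic}},
		{"0xOTHER_TOKEN", []string{transferTopic}},
	}
}

func main() {
	_, _, err := ParseDeposits(SampleLogs(), true)
	d, s, _ := ParseDeposits(SampleLogs(), false)
	println("strict:", err.Error(), "| filtered: deposits", d, "skipped", s)
}
```

A zero-value ERC-20 transfer produces the same `Transfer` topic as any other transfer, so matching on the event signature rather than on the emitting address is what keeps it out of deposit processing.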
Initially, the developers suspected that a trusted validator had made a mistake, but during the investigation they traced the issue to a newly funded account from a public faucet.
To stop the attack, the developers had to filter out transactions interacting with the deposit contract. However, they suspected that the attacker was monitoring their conversations, which prompted them to deploy a “private fix” to select DevOps nodes controlling around 10% of the network.
Once the fix had been deployed, the nodes resumed producing full blocks, allowing the chain to operate normally by 2:00 p.m. UTC. A few blocks later, the attacker’s transaction was successfully mined, confirming that all node operators had updated.
Despite the disruptions, Ethereum never lost finality, and the problem was limited to Sepolia, because its token-gated deposit contract differs from the Ethereum mainnet deposit contract, according to Van der Wijden.
Nevertheless, the developers decided to delay the Pectra upgrade for further testing and debugging.
What is Ethereum's Pectra upgrade?
The Pectra fork is designed to improve ETH staking, improve layer 2 scalability and expand network capacity. It introduces 11 Ethereum improvement proposals (EIPs) and marks the first major upgrade since Dencun, which went live in March 2024.
As previously reported by Crypto.News, the developers planned to deploy Pectra on mainnet by April 8, provided that the Holesky and Sepolia testnets upgraded successfully.
The upgrade was first implemented on the Holesky testnet on February 24, where it also encountered technical problems that prevented finalization.