Ethereum’s Pectra upgrade on Sepolia testnet was targeted by unidentified attacker: report

An unknown striker prompted Ethereum developers to deploy a “private correction” while the network was faced with technical problems when upgrading Pectra on the Sepolia testnet.

In an essential reportThe developer of Ethereum, Marius van der Wijden, revealed that the attacker has exploited an neglected “boarding board”, triggering the errors several times by sending zero transfers to the deposit contract, further complicating an already disturbed deployment.

What happened?

On March 5, the Pectra upgrade has become online On Sepolia, but almost immediately, the developers began to see error messages arise on their Geth nodes, in parallel with an increase in extracted empty blocks.

According to Van der Wijden, the question came from the deposit contract issuing an unexpected event – a transfer event instead of the required deposit event – which has made the nodes reject the transactions and produce only empty blocks.

The bug was linked to the EIP-6110, which required that all newspapers in the deposit contract be treated uniformly.

The GETH team has deployed a correction which “would ignore all the erroneous newspapers from the deposit contract”, but the developers would have ignored a specific case in the ERC-20 standard.

“The ERC20 standard does not prohibit the transfer of chips 0, which allows anyone (even if it does not have any token) to transfer 0 tokens to another address that will issue an event,” said Van Der Wijden, adding that a “attacker” has benefited several times by sending zero transfers to the deposit contract several times.

This sparked the same error and caused the empty blocks of the network.

Initially, the promoters suspected that a confidence validator had made a mistake, but during the investigation, they traced the question of a newly funded account of a public tap.

To stop the attack, the developers had to filter the interacting transactions with the deposit contract. However, they suspected that the attacker was monitoring their conversations, which prompted them to deploy a “private correction” to select the DevOps nodes controlling around 10% of the network.

Once the correction has been deployed, the nodes have resumed the production of complete blocks, allowing the chain to operate normally by 2:00 p.m. UTC. A few blocks later, the striker’s transaction was successfully exploited, confirming that all node operators have updated.

Despite the disturbances, Ethereum has never lost finalization “, and the problem was limited to Sepolia, because his informal token deposit contract differs from the Mainnet Ethereum deposit contract, according to Van der Wijden.

Nevertheless, the developers decided to delay the upgrade of Pectra for other tests and debug.

What is the upgrade of Ethereum Pectra?

The Pectra fork is designed to improve the stimulation of ETH, improve the scalability of layer 2 and extend network capacity. It introduces 11 Ethereum improvement proposals (EIPS) and marks the first major upgrade since Dercunwhich was put online in March 2024.

As indicated previously by Crypto.News, the developers planned to deploy Pectra on the Mainnet before April 8, provided that the Holesky and Sepolia testnets successfully completed their improvements.

The upgrade was implemented for the first time on the Holesky Testnet on February 24, where it also encountered technical problems that prevented the finalization.