Source: Cointelegraph Original: "{title}"

An Ethereum developer stated that a bug occurred during the recent Pectra upgrade on the Sepolia testnet, where an attacker exploited an "edge case" to trigger a vulnerability, leading to the continuous mining of empty blocks on the blockchain, exacerbating the issue.

Pectra went live on its final testnet Sepolia at 7:29 AM on March 5, but Ethereum developer Marius van der Wijden noted in a post on March 8 that the team immediately saw error messages on their geth nodes and observed the network starting to mine a large number of empty blocks.

Van der Wijden explained that the root of the problem lay in the deposit contract triggering the wrong event type—what should have triggered a deposit event accidentally triggered a transfer event.

Although the team quickly released a fix, Van der Wijden stated that they missed an edge case during the repair process, allowing the vulnerability to persist. An unknown user subsequently exploited this vulnerability by sending zero-token transfers to the deposit address, causing the error to occur again.

He said, "A few minutes later, we saw a large number of empty blocks again, so we checked the transaction pool and found another invalid transaction triggering the same edge case."

Source: Marius van der Wijden

"Initially, we thought it was a mistake made by a trusted validator, but we soon realized that this transaction actually came from a new account that had just received funds through a faucet."

Van der Wijden stated that the ERC-20 standard does not prohibit zero-token transfers, meaning that even if a user’s account has no tokens, they can still transfer to another address, which is the attack method exploited by the unknown user.

"The only way to prevent the attack was to filter out all transactions interacting with the deposit contract. So we created a private fix and deployed it to some DevOps nodes."

He added, "We suspected that the attacker was monitoring some of our chat logs, so we decided not to make the fix public, but only update a few nodes we controlled to generate more complete blocks in the network."

Source: Marius van der Wijden

By 2 PM that day, all nodes had completed the repair update, and the transactions from the anomalous user were successfully mined.

Van der Wijden emphasized that although this incident affected the normal operation of the Sepolia testnet, it did not impact final confirmations, and the issue was limited to the Sepolia testnet because they used a token-based deposit contract on that network instead of the normal mainnet deposit contract.

It is worth mentioning that as early as February 26, the development team had conducted preliminary testing of the Pectra upgrade on the Holesky testnet but encountered similar issues.

Therefore, based on recent testing experiences, the development team decided to postpone the mainnet launch of the Pectra upgrade until more testing could be completed to ensure its stability.

The Pectra fork is another significant network upgrade following the Ethereum Dencun upgrade. The Dencun upgrade officially went live on March 13, 2024, significantly reducing transaction fees on the Ethereum Layer-2 network and improving the economics of Rollups.

The Ethereum Foundation recently announced a new governance structure, with Hsiao-Wei Wang and Tomasz Stańczak serving as co-executive directors to jointly lead the foundation.

Related: Ethereum price shows a "double top," signaling a potential 42% drop as the Ethereum bull market ends.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。