An Ethereum programmer claims that the latest Pectra enhancement of the Sepolia testnet encountered issues, exacerbated when an intruder utilized an “edge case” to facilitate the mining of void blocks.
Pectra debuted on its ultimate testnet, Sepolia, at 7:29 am on March 5, yet Ethereum programmer Marius van der Wijden stated in a March 8 article that the team promptly began receiving error notifications on their geth node along with the mining of empty blocks.
The problem arose as a result of the deposit contract invoking the incorrect type of event — a transfer event instead of a deposit, according to Van der Wijden.
A remedy was implemented, however, van der Wijden noted that one edge case was overlooked, and an unidentified individual took advantage by sending a 0-token transfer to the deposit address, which provoked the error once more.
“After a short time, we observed numerous empty blocks again, prompting us to check the transaction pools once more where we discovered another problematic transaction triggering the same edge case,” he stated.
Source: Marius van der Wijden
“Initially, we suspected that someone among the trusted validators had made an error, but we quickly became aware that this transaction stemmed from a newly funded account from the faucet.”
The ERC-20 standard does not prohibit a zero token transfer, enabling anyone, even those without any tokens, to conduct transfers to another address, which the unidentified user discovered, remarked van der Wijden.
“The only solution to halt the assault would be to filter out all transactions interacting with the deposit contract. Thus, we implemented a private fix, which we distributed to several of the DevOps nodes.”
“We had suspicions that the assailant was monitoring some of our discussions, so we opted not to announce the fix publicly but only applied updates to a few controlled nodes in order to achieve more filled blocks on the network,” he added.
Source: Marius van der Wijden
By 2 pm, all nodes had received the update, and the unidentified user transaction was successfully mined.
Van der Wijden stated that they did not experience any loss of finalization during the event, and the concern was confined to Sepolia because they were operating a token-gated deposit contract rather than the standard mainnet deposit contract.
Earlier, the developers tested the Pectra upgrade on the Holesky testnet on February 26, which also faced difficulties.
Consequently, the developers have resolved to delay the Pectra upgrade until further testing can be completed.
Related: Ether sentiment reaches yearly low but this may be a positive sign: Santiment
The Pectra fork follows the network’s Dencun enhancement, which reduced transaction costs for layer-2 systems and enhanced the economics of Ethereum rollups. The Dencun hard fork was executed on March 13, 2024.
The Ethereum Foundation recently announced a new leadership structure, with Hsiao-Wei Wang and Tomasz Stańczak serving as co-directors of the foundation.
Magazine: MegaETH launch could save Ethereum… but at what cost?