Story Highlights
- An attacker exploited the Pectra upgrade on Sepolia, slowing the rollout.
- The attack resulted in empty block mining but did not impact Ethereum’s mainnet.
- Developers are taking extra time to test before the mainnet deployment.
Ethereum’s Pectra upgrade has been postponed yet again following an unknown attacker using a vulnerability on the Sepolia testnet. The attack resulted in the production of empty blocks, which prompted developers to implement a private fix before normal network activity resumed.
The problem was first brought to the attention of the community by Ethereum developer Marius Van Der Wijden, who noticed that the issue had started when Pectra upgraded live on March 5. Developers saw error messages and sporadic empty block mining, originating from an irregular event in the deposit contract. Instead of triggering a deposit event, the contract mistakenly triggered a transfer event, which was causing issues.
To counter the attack , developers implemented a private fix, patching a limited number of DevOps nodes carefully without exposing the solution. They assumed the attacker was eavesdropping on their communications, so they employed a stealthy method to ensure they solved fuller blocks before fully deploying the fix.
Ethereum Pectra Upgrade Postponed Following Sepolia Attack
Geth attempted to address the issue by rejecting bad logs of the deposit contract but overlooked an edge case of the ERC-20 standard. The attacker targeted it by executing zero-token transfers, rendering block creation useless. The network kept producing empty blocks until developers coordinated and rolled out a private fix, resuming full block production.
In spite of the failure, the incident did not affect Ethereum’s mainnet, and the network sustained finalization. The difference between deposit contracts on the Ethereum mainnet and Sepolia testnet was the most significant reason for the success of the attack.
Consequently, developers have delayed the mainnet launch of the Pectra upgrade to allow more time for additional testing and debugging. Developers are making sure the problem is completely solved before proceeding with the implementation.
Meanwhile, Ethereum’s market is still poor with more than 600K ETH taken out from exchanges last week. The value of Ether decreased by more than 10% this week and is still heading south. And according to CMC at the time of writing Ethereum is priced at $1,884.
