
Ethereum testnet Sepolia attacked during the Pectra upgrade

admin
11 Mar 2025 12:21



  • According to the Ethereum developers, the Sepolia test network was attacked after Pectra was activated.
  • A private fix was rolled out because the developers suspected the attacker was reading their chats.

The Ethereum Pectra upgrade recently went live on the Sepolia test network and ran into errors that were aggravated by an attacker. The Ethereum developers say the attack exploited an edge case that had been overlooked in the ERC20 contract.

Sepolia produces empty blocks: why?

As CNF reported, Ethereum developers successfully activated the Pectra upgrade on the Sepolia test network on March 5. The aim was to test the upgrade's features under simulated network conditions.

In a post from March 8, however, Ethereum developer Marius van der Wijden shared that Sepolia encountered problems shortly after activation. According to the developer, the team noticed error messages on his Geth node and saw that empty blocks were being mined.

The error message reads: “unable to parse deposit data: deposit wrong length: want 576, have 32.” The Ethereum developers concluded that the error stemmed from a transfer event and not from a deposit.

Van der Wijden said the team acted quickly to fix the problem. To ensure a smooth rollout, the team replaced the transactions that continuously triggered the edge case.

However, Van der Wijden noted that they had overlooked an edge case in the ERC20 specification. An unknown user took advantage of this loophole to send a 0-token transfer to the deposit address, which in turn triggered the error. Van der Wijden:

“After a few minutes we saw many empty blocks again, so we looked at the transaction pools again and found another faulty transaction that triggered the same edge cases.”

The developer said that the team initially thought one of the trusted validators had made a mistake. However, it soon turned out that this transaction came from a new account that had recently been funded by the faucet. This indicated that someone had discovered an edge case in the ERC20 contract that they had overlooked.
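The parsing failure described in this section can be reproduced in miniature. The following is an added example, not Geth's code and not the fix the developers shipped: the `Log` type, the placeholder contract address and the choice of an event-signature check as the remedy are assumptions. It shows an address-only filter producing the quoted error on a 32-byte ERC20 Transfer log, and the same parser skipping that log once it also matches the deposit event's signature topic.

```go
package main

import "fmt"

// Log is a simplified EVM log entry (hypothetical type, not Geth's own).
type Log struct {
	Address string // contract that emitted the log
	Topic0  string // keccak256 hash of the event signature
	Data    []byte // ABI-encoded non-indexed fields
}

const (
	depositAddr   = "0xDEPOSIT_CONTRACT_PLACEHOLDER"                                     // constructed placeholder
	depositTopic  = "0x649bbc62d0e31342afea4e5cd82d4049e7e1ee912fc0889aa790803be39038c5" // DepositEvent(bytes,bytes,bytes,bytes,bytes)
	transferTopic = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef" // Transfer(address,address,uint256)
	depositLen    = 576
)

// parseDeposits counts deposit logs. With checkTopic=false every log from the
// deposit contract is trusted; with checkTopic=true other events are skipped.
func parseDeposits(logs []Log, checkTopic bool) (int, error) {
	n := 0
	for _, l := range logs {
		if l.Address != depositAddr || (checkTopic && l.Topic0 != depositTopic) {
			continue
		}
		if len(l.Data) != depositLen {
			return n, fmt.Errorf("unable to parse deposit data: deposit wrong length: want %d, have %d", depositLen, len(l.Data))
		}
		n++
	}
	return n, nil
}

// sampleLogs returns constructed logs: one deposit, then an ERC20 Transfer
// emitted by the same token-gated contract with a 32-byte amount field.
func sampleLogs() []Log {
	return []Log{
		{depositAddr, depositTopic, make([]byte, depositLen)},
		{depositAddr, transferTopic, make([]byte, 32)},
	}
}

func main() {
	_, err := parseDeposits(sampleLogs(), false)
	fmt.Println("address only:   ", err)
	n, err := parseDeposits(sampleLogs(), true)
	fmt.Println("address + topic:", n, err)
}
```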

Ethereum developers fend off the Sepolia attack

The Ethereum developers quickly deployed a private fix to prevent the attacker from causing further damage. Van der Wijden said they decided on this solution because they suspected that the attacker was reading their chats.

The developer pointed out that the team updated only a few of the nodes it controlled in order to get more full blocks into the network. The fix only filtered out transactions that directly called the deposit contract.

As soon as they had updated all EF DevOps nodes, full blocks were proposed again. This kept the chain usable until the rollout of the actual fix could be coordinated.

At 2 p.m. that day, all nodes were updated to the new versions, which contained the actual fix, and the attacker’s transaction was successfully handled. Van der Wijden assured users that the chain never lost finality during the incident. He said that the problem only occurred on Sepolia because a token-gated deposit contract was used there instead of the normal mainnet deposit contract.

As CNF reported, the Ethereum Pectra upgrade offers 11 new features, including improvements in scalability. The Ethereum developers had already tried out the Pectra upgrade on the Holesky test network on February 26, but problems were found there. As a result, the developers decided to postpone the Pectra upgrade until further tests were carried out.
