Unknown attacker causes headaches during Pectra upgrade on Sepolia
The post Unknown attacker causes headaches during Pectra upgrade on Sepolia appeared on BitcoinEthereumNews.com.
An Ethereum developer says the recent Pectra upgrade of the Sepolia testnet ran into errors, which were made worse after an attacker used an “edge case” to cause the mining of empty blocks.

Pectra rolled out on its final testnet, Sepolia, at 7:29 am on March 5, but Ethereum developer Marius van der Wijden said in a March 8 post that the team immediately started seeing error messages on their geth node and empty blocks being mined.

The error occurred because the deposit contract triggered the wrong type of event — a transfer event instead of a deposit, according to van der Wijden.

A fix was rolled out, but van der Wijden says they missed one edge case, and an unknown user exploited it by sending a 0-token transfer to the deposit address, which triggered the error again.

“After a few minutes we saw a lot of empty blocks again, so we looked again into the transaction pools and found another offending transaction that triggered the same edge cases,” he said.

“First we thought that someone from the trusted validators has made a mistake, but we quickly realized that this transaction originated from a new account recently funded by the faucet.”

The ERC-20 standard does not forbid a zero-token transfer; this allows anyone, even if they don’t own any tokens, to transfer to another address, which the unknown user realized, van der Wijden said.

“The only way to stop the attack would be to filter out all transactions that interact with the deposit contract. So we made the following private fix, which we deployed to a few of the DevOps nodes.”

“We suspected that the attacker was reading some of our chats, so we decided not to publicize the fix, but only update a…
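
An added illustration of the failure described above, not code from geth or from van der Wijden's post: a collector that treats every log from the deposit contract as a deposit fails on a transfer log, while one that checks the event topic first skips it. The address, topic names, helper names, payload length and the rule that a collection error yields an empty block are simplifying assumptions.

```python
from dataclasses import dataclass

# Constructed stand-ins: real clients compare a 20-byte address and 32-byte topic hashes.
DEPOSIT_CONTRACT = "0xDEPOSIT"
DEPOSIT_TOPIC, TRANSFER_TOPIC = "DepositEvent", "Transfer"
DEPOSIT_DATA_LEN = 576  # assumed size of an ABI-encoded deposit payload


@dataclass
class Log:
    address: str
    topics: list
    data: bytes


def parse_deposit(data: bytes) -> bytes:
    """Reject any payload that does not have the deposit layout's length."""
    if len(data) != DEPOSIT_DATA_LEN:
        raise ValueError(f"deposit log has {len(data)} bytes, want {DEPOSIT_DATA_LEN}")
    return data


def collect_naive(logs):
    # Weak form: every log emitted by the deposit contract is parsed as a deposit.
    return [parse_deposit(l.data) for l in logs if l.address == DEPOSIT_CONTRACT]


def collect_strict(logs):
    # Hardened form: only logs whose first topic is the deposit event are parsed.
    return [parse_deposit(l.data) for l in logs
            if l.address == DEPOSIT_CONTRACT and l.topics[:1] == [DEPOSIT_TOPIC]]


def build_block(txs, collect):
    """Return (included tx ids, deposits). Simplified: a collection error empties the block."""
    try:
        deposits = collect([log for _, logs in txs for log in logs])
    except ValueError:
        return [], []
    return [tx_id for tx_id, _ in txs], deposits


# Constructed sample: one real deposit, one 0-token transfer hitting the deposit contract.
SAMPLE_TXS = [
    ("tx1", [Log(DEPOSIT_CONTRACT, [DEPOSIT_TOPIC], bytes(DEPOSIT_DATA_LEN))]),
    ("tx2", [Log(DEPOSIT_CONTRACT, [TRANSFER_TOPIC, "from", "to"], bytes(32))]),
    ("tx3", [Log("0xOTHER", [TRANSFER_TOPIC, "from", "to"], bytes(32))]),
]

if __name__ == "__main__":
    print("naive :", build_block(SAMPLE_TXS, collect_naive)[0])
    print("strict:", build_block(SAMPLE_TXS, collect_strict)[0])
```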
Filed under: News - @ March 10, 2025 7:22 am