- Ethereum‘s Pectra upgrade on Sepolia testnet encountered errors and empty blocks due to a deposit contract issue.
- An attacker exploited an “edge case” by sending 0-token transfers to trigger errors, requiring developers to deploy targeted fixes.
- The Pectra upgrade has been postponed for additional testing following issues on both Sepolia and Holesky testnets.
Ethereum’s Pectra testnet upgrade hit significant roadblocks as an unknown actor exploited a technical vulnerability to disrupt operations, causing a series of empty blocks to be mined. The incident, which occurred on the Sepolia testnet on March 5, has prompted developers to delay the upgrade until further testing can be completed.
Marius van der Wijden, an Ethereum developer, detailed the technical issues in a March 8 post, explaining how the team detected error messages on their geth node immediately after deployment.
The root cause was identified as a deposit contract triggering an incorrect event type—specifically a transfer event instead of a deposit. While developers implemented an initial fix, they inadvertently missed an edge case that later became the attack vector.
“After a few minutes we saw a lot of empty blocks again, so we looked again into the transaction pools and found another offending transaction that triggered the same edge cases,” van der Wijden explained in his analysis.
The attacker, who appears to have been monitoring developer communications, exploited the vulnerability by sending a zero-token transfer to the deposit address. This action was technically valid within the ERC-20 standard, which doesn’t prohibit zero-value transfers, even from accounts without token balances.
To counter the disruption, the development team deployed a targeted fix to specific nodes they controlled, deliberately keeping the solution private.
“We suspected that the attacker was reading some of our chats, so we decided not to publicize the fix, but only update a few nodes that we controlled in order to get more full blocks on the network,” noted van der Wijden.
By 2 PM on the same day, all nodes received the necessary updates, allowing the problematic transaction to be processed successfully. The developer emphasized that finalization was never lost during the incident, and the issue was isolated to Sepolia due to its use of a token-gated deposit contract instead of the standard mainnet deposit mechanism.
This wasn’t the first challenge for Pectra. The upgrade previously encountered difficulties during testing on the Holesky testnet on February 26, contributing to the decision to postpone the upgrade pending additional testing.
Pectra follows Ethereum’s Dencun upgrade, which was successfully implemented on March 13, 2024, bringing reduced transaction fees for layer-2 networks and improved economics for Ethereum rollups.
The Ethereum Foundation recently introduced a new leadership structure with Hsiao-Wei Wang and Tomasz Stańczak appointed as co-directors, as the network continues to evolve through these technical challenges.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- OCC Removes Pre-Approval Requirement for Banks’ Crypto Activities
- Utah Passes Crypto Bill Without Bitcoin Reserve Provision
- Treasury Secretary Lutnick Dismisses Recession Fears: “No Downturn Coming for America”
- HUD Explores Blockchain and Stablecoin Use for Grant Monitoring and Payments
- Bitcoin Slumps to $80,000 as Crypto Markets Face Sunday Selloff
