Unknown attacker causes headaches during Pectra upgrade on Sepolia


An Ethereum developer says the new Pectra upgrade of the Sepolia testnet ran into errors, which were made worse after an attacker used an “edge case” to cause the mining of empty blocks.

Pectra rolled out on its last testnet, Sepolia, at 7:29 am on March 5, but Ethereum developer Marius van der Wijden said in a March 8 post that the team instantly started seeing error messages on their geth node and empty blocks being mined.

The error occurred because the deposit contract triggered the wrong kind of event — a transfer event instead of a deposit, according to van der Wijden.

A fix was rolled out, but van der Wijden says they missed one edge case, and an unknown user exploited it by sending a 0-token transfer to the deposit address, which triggered the error again.

“After a few minutes we saw a batch of empty blocks again, so we looked again into the transaction pools and found another offending transaction that triggered the same edge cases,” he said.

[Image. Source: Marius van der Wijden]

“First we thought that someone from the trusted validators has made a mistake, but we quickly realized that this transaction originated from a new account recently funded by the faucet.”

The ERC-20 standard does not forbid a zero-token transfer; this allows anyone, even if they don’t own any tokens, to transfer to another address, which the unknown user realized, van der Wijden said.

“The only way to stop the attack would be to filter out all transactions that interact with the deposit contract. So we made the following private fix, which we deployed to a few of the DevOps nodes.”

“We suspected that the attacker was reading some of our chats, so we decided not to publicize the fix, but only update a few nodes that we controlled in order to get more full blocks on the network,” he added.

[Image. Source: Marius van der Wijden]

By 2 pm, all the nodes had been updated with the fix, and the unknown user's transaction was mined successfully.

Van der Wijden said they never lost finalization during the incident, and the issue was isolated to Sepolia because they were using a token-gated deposit contract instead of the normal mainnet deposit contract.
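The failure mode described above, as an added Go example that is not geth's code or part of the original article: a collector that matches logs only by the deposit contract's address fails on a Transfer log, while one that also checks the event type skips it. The `Log` type, `collect`, `sampleLogs` and all constants are hypothetical stand-ins, and the model assumes the error comes from decoding a non-deposit log as a deposit.

```go
package main

import (
	"errors"
	"fmt"
)

// Log is a simplified receipt log: emitting contract, event type, payload.
type Log struct {
	Address, Event string
	Data           []byte
}

// Constructed stand-ins for a contract address and a fixed deposit payload size.
const depositAddr, depositLen = "deposit-contract", 8

var errBadDeposit = errors.New("log is not a well-formed deposit")

// collect counts deposits among a block's logs. With checkEvent=false it trusts
// every log from the deposit contract, so a Transfer log (even a zero-token one)
// aborts processing. With checkEvent=true, non-deposit events are skipped first.
func collect(logs []Log, checkEvent bool) (int, error) {
	n := 0
	for _, l := range logs {
		if l.Address != depositAddr {
			continue
		}
		if checkEvent && l.Event != "Deposit" {
			continue // a token-gated contract also emits Transfer
		}
		if len(l.Data) != depositLen {
			return n, errBadDeposit
		}
		n++
	}
	return n, nil
}

// sampleLogs is constructed input: one deposit and one zero-token transfer.
func sampleLogs() []Log {
	return []Log{
		{depositAddr, "Deposit", make([]byte, depositLen)},
		{depositAddr, "Transfer", make([]byte, 4)},
	}
}

func main() {
	_, err := collect(sampleLogs(), false)
	n, err2 := collect(sampleLogs(), true)
	fmt.Println("address only:", err, "| address+event:", n, err2)
}
```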

Previously, the developers tested the Pectra upgrade on the Holesky testnet on Feb. 26, which also encountered issues.

As a result, the developers have decided to postpone the Pectra upgrade until more tests can be done.


The Pectra fork follows the network’s Dencun upgrade, which slashed transaction fees for layer-2 networks and improved the economics of Ethereum rollups. The Dencun hard fork rolled out on March 13, 2024.

The Ethereum Foundation recently announced a new leadership structure with two co-directors of the foundation, Hsiao-Wei Wang and Tomasz Stańczak, taking the helm.
