The recent Pectra upgrade on the Sepolia testnet for Ethereum was met with technical issues caused by an unknown attacker exploiting a loophole in the system. Ethereum developer Marius van der Wijden revealed in a post-incident report that the attacker triggered errors by sending zero-token transfers to the deposit contract, complicating the upgrade process.
The Pectra upgrade went live on March 5, but developers immediately noticed error messages and an increase in empty blocks being mined. The issue was traced back to the deposit contract emitting an unexpected event, causing nodes to reject transactions and produce empty blocks. This bug was linked to EIP-6110, which required all logs from the deposit contract to be processed uniformly.
The geth team rolled out a fix to ignore erroneous logs from the deposit contract, but an edge case in the ERC-20 standard was overlooked. The attacker took advantage of this by repeatedly sending zero-token transfers to the deposit contract, triggering the same error and causing the network to mine empty blocks.
Initially, developers suspected a trusted validator had made a mistake, but they later discovered the issue was caused by a newly funded account from a public faucet. To stop the attack, developers deployed a “private fix” to select DevOps nodes controlling 10% of the network. Once the fix was implemented, nodes resumed producing full blocks, and the network functioned normally.
Despite the disruptions, Ethereum did not lose finalization, and the issue was limited to the Sepolia testnet. The Pectra upgrade aims to enhance ETH staking, improve layer 2 scalability, and expand network capacity. It introduces 11 Ethereum Improvement Proposals (EIPs) and is the first major upgrade since the Dencun upgrade in March 2024.
Developers have decided to delay the Pectra upgrade for further testing and debugging following the issues on the Sepolia testnet. The upgrade was initially planned for deployment on the mainnet by April 8, pending successful upgrades on the Holesky and Sepolia testnets.
The Holesky testnet also faced technical issues during the Pectra upgrade, delaying finalization. Despite these challenges, Ethereum developers remain committed to improving the network’s functionality and scalability through upgrades like Pectra.