The highly expected Pectra upgrade from Ethereum has faced testnet sepolia disorders after exploitation that led to an empty mass mining. The upgrade, published on March 5, faced cases a few hours after the developers noticed error messages on their Geth knot.
According to detail a report From Ethereum Marius Van Der Wijdeen developer, the team discovered an unexpected behavior in the deposit contract that occurred in Testnet at about 7:30 of the United States last Wednesday. Instead of running the expected deposit event, the contract is not correct.
“Shortly after the stimulation of the solid fork, Jim McDonald told us to send a deposit to test the withdrawal functions that caused the added implementation in Pectra. Then we saw error messages on our GETH knot and we started seeing a lot of empty blocs that are minedVan der explained and finds.
It is reported that the error message reads, “Unable to analyze the deposit data: depositing the wrong length: you want 576, you have 32.” This means that an unexpected deposit contract has been carried out, which disrupts the expected behavior of the series.
An unknown striker takes advantage of a lost edge
He said and found that the developers moved quickly to spread the reform, but the issue of the edge that was ignored allowed the unknown striker to benefit from the regime. The exploiter sent a zero transfer to the deposit address and managed to run the same mistake again, which continues to mining the empty mass.
“We have examined the deposit and verifying contract that no one can lead to deposit functions (because it is symbolic gates and gave only distinctive symbols to the reliable parties of Sibolia). We missed one edge case in ERC20 specifications, though this“Note the developer.
Initially, the developers suspected that the error came from reliable AuditorBut later I realized that the transaction originated from a new account that was funded through a faucet. The Ethereum team then moved to coordinate repair repair without dividing the series.
Wijdeen said that the hasty version could have caused the network fragmentation because the contract that was not updated was unable to connect to the fixed chain. After avoiding the crisis, they planned a joint launch for 14:00 UTC, giving the teams the time to prepare.
The developers found the defect after the additional investigation: The ERC-20 standard is not prohibited from transferring zero symbols. This means that anyone, regardless of the number of distinctive symbols they have, can send a step of zero symbols. This is what caused the deposit event.
Three and a half hours before the coordinated repair, as described the developer, Cibulia It is supposed to produce a lot of empty blocks. To restore normal operations in the meantime, developers removed the transactions that lead to their exploitation by replacing them with high devices.
The developers have published a special repair to contain the attack
ETHEREUM team has implemented a special reform that the transactions that interact with the deposit contract were liquidated. Given doubts that the attacker was watching the developer chats, they decided not to publish the reform immediately.
“The reform only liquidates the transactions that require the deposit contract directly. If we spread the reform, the attacker would be able to defraud us by calling the contract from another contract. These internal calls will continue to lead to the event, but it will not be easy to liquidate while creating the block“And they find I mentioned.
Once updated about 10 % of the network contract, the full blocs began to appear again. This allowed the series to work while preparing a full correction for publication.
At 14:00 UTC, all contracts were updated to the new version that contains the final reform. After a few blocks, the attacker’s deal was successfully extracted, confirming that all the employees of the knots have carried out the correction. The accident did not affect Mainnet’s ethereum, because the case was specific to the Sepolia’s distinctive deposit contract.
It affected all the contract, because it was a clash between the specifications and the implementation of the deposit contract in Sepolia
– Mariusvanderwijden (Vdwijdeen) March 9, 2025
When a social media user asked him X if the attacker has anything that he wins “by exploiting the Testnet case, Wijdeen answered,”No, they had nothing to win“
Ethereum price conflicts continue: The market activity is weaker
Ethereum still shows signs of weakness, raising more than 10 % of its value last week. The second largest currency by the market ceiling was hovering around the brand of $ 2000, a low level of support for three months that market monitors expect to decrease.
According to the technical indicators on the market, the ETH is in a continuous declining direction, as its highest levels and lowest levels are formed along with the averages of the Habbudian movement. If Ethereum fails to get $ 2000, analysts warn that the following major support levels range from $ 1,800 and $ 1700.
Although the RSI index (RSI) at 30.45 indicates a possible bounce in the short term, the resistance at $ 2200 is a level that the currency failed to penetrate for more than 24 hours.
Cryptopolitan Academy: soon – a new way to earn a negative income with Defi in 2025. Learn more
