Pectra Upgrade Delay: Exploit Causes Empty Blocks on Sepolia

After the update went live at 7:29 AM, Ethereum developer Marius van der Wijden noticed error messages on their geth node, along with empty blocks being mined. The issue stemmed from a mistake in the deposit contract, which triggered a transfer event instead of a deposit event.

While a fix was quickly introduced, it did not account for every scenario. An unknown user took advantage of this by sending a zero-token transfer to the deposit address, which triggered the same problem again.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Monero? XMR Animated Explainer

SUBSCRIBE

ON YOUTUBE

Marius explained, "After a few minutes we saw a lot of empty blocks again, so we looked again into the transaction pools and found another offending transaction that triggered the same edge cases".

At first, developers suspected a trusted validator had made an error. However, further investigation revealed the transaction came from a newly created account funded by a faucet. Since the ERC-20 standard allows zero-token transfers, this loophole gave the attacker a way to cause disruptions.

To stop the issue, developers implemented a private fix, which blocked all transactions interacting with the deposit contract.

Following the Sepolia incident, developers have decided to postpone the full rollout until further testing is completed.

Recently, 1inch detected a security flaw that allowed an attacker to steal $5 million from resolvers, third-party entities executing trades. How did this happen? Read the full story.