The Pectra upgrade on the Sepolia testnet encountered a serious problem when an attacker exploited a vulnerability that caused the network to continuously generate empty blocks. Although the Ethereum development team quickly deployed a patch to control the situation, they were forced to postpone the deployment of Pectra on the mainnet to continue testing, causing concern among the investment community.

Sepolia Testnet Incident
Pectra was deployed on the Sepolia testnet at 7:29 AM on March 5. Initially, the process went smoothly, but not long after, Ethereum developer Marius van der Wijden discovered that Geth nodes began to fail and many empty blocks continuously appeared.

The initial cause was determined to be that the deposit contract triggered the wrong type of event, leading to nodes processing transactions incorrectly. Although the Ethereum team quickly released a fix, they left out an edge case that allowed an attacker to exploit the vulnerability.

An unknown user sent a transaction with zero tokens to the deposit contract, re-triggering the bug and causing the network to continue generating empty blocks. Initially, the team suspected that the bug might be manipulated by a trusted validator. However, upon investigation, they discovered that the transaction came from a new account, funded via a faucet.

Since the ERC-20 standard allows users to make transactions with zero tokens without owning the tokens, the attacker took advantage of this to disrupt the Ethereum network.

Fix and Pectra Delay
To prevent the attack, the Ethereum team decided to filter all transactions that interacted with the deposit contract. They deployed a private fix on some DevOps nodes controlled by the Ethereum Foundation, instead of making the fix public immediately.

Developer Van der Wijden said: "We suspect that the attacker is monitoring internal conversations, so we decided not to make the patch public but to update some nodes to ensure the network continues to produce full blocks."

By 2 p.m. the same day, all nodes had been updated with the fix and the Sepolia network returned to a stable state.

However, due to this incident, the Ethereum development team decided to postpone the deployment of Pectra on the mainnet to conduct further testing and ensure the stability of the network.

Concerns from the investment community

This is not the first time Ethereum has encountered problems while testing Pectra. Previously, on February 26, this upgrade also encountered problems on the Holesky testnet due to a validator configuration error.

The continued testing failures could undermine the community’s confidence in Ethereum, especially as competitors like Solana gain traction with their faster transaction speeds and lower fees.

Conclusion
The Pectra upgrade continues to struggle as attackers exploit a vulnerability on the Sepolia testnet. While the Ethereum Foundation quickly brought the situation under control, the incident once again shows that Ethereum’s testing has room for improvement.

The delay of Pectra has many investors concerned about the stability of Ethereum when deployed on the mainnet. The development team will need to step up testing and verification to ensure that Pectra can launch smoothly and avoid negatively affecting the Ethereum ecosystem.