一名未知的攻擊者促使以太坊開發人員在塞波利亞測試網上升級的網絡升級期間陷入技術問題時推出了“私人修復”。

在一份事後報告中，以太坊開發人員Marius van der Wijden揭示了攻擊者剝削的“ Exprolly the Edge the Edge to re trorders”，該攻擊者揭示了“ YERDERFERS”，該公司的經過差異，該攻擊者揭示了“重複的又一次競爭”。 complicating an already troubled rollout.

What happened?

On March 5, the Pectra upgrade went live on Sepolia, but almost immediately, developers started seeing error messages popping up on their geth nodes, alongside an increase in empty blocks being mined.

According to van der Wijden, the issue stemmed from the deposit contract emitting an unexpected event—a transfer event instead of the required deposit event—which caused nodes to reject交易和僅生產空塊。

該錯誤鏈接到EIP-6110，這需要存款合同中的所有日誌processed uniformly.

The geth team rolled out a fix that would “ignore all erroneous logs coming from the deposit contract,” but developers reportedly overlooked a specific edge case in the ERC-20 standard.

“The ERC20 standard does not forbid 0 token transfer, this allows anyone (evenif they don’t own any token) to transfer 0 tokens to another address which will emit an event,” van der Wijden explained, adding that an “attacker” took advantage of this by repeatedly sending zero-token transfers to the deposit contract.

This triggered the same error and caused the network to continue mining empty blocks.

You might also like: Ethereum’s Pectra upgrade on Sepolia encounters issues

Initially, developers suspected a trusted validator had made a mistake, but upon investigation, they traced the發給新資助的Account從公共水龍頭。

為了停止攻擊，開發人員需要過濾與存款合同相互作用的交易。但是，他們懷疑攻擊者正在監視他們的聊天，這促使他們推出了“私人修復程序”，以選擇控製網絡約10％的DevOps節點。

一旦部署了修復程序，恢復節點就可以恢復完整的塊，從而在14:00 UTC之前正常使用鏈條。幾個街區之後，襲擊者的交易已成功開採，證實了所有節點運營商都已更新。

儘管有乾擾，以太坊“從未失去最終確定”，並且該問題僅限於Sepolia，因為它的標誌性存款與Ethereum Mainnet存款合同不同，根據van Weijden Weijden Weijden derra，

升級以進行進一步測試和調試。

什麼是以太坊的pectra升級？

pectra fork旨在增強ETH靜止狀態，改善第2層可擴展性並擴展網絡容量。它介紹了11個以太元的改進建議（EIPS），並標誌著自2024年3月啟用Dencun以來的首次重大升級。

，如Crypto.news先前報導，開發人員計劃在4月8日之前在Mainnet上部署Pectra。 2月24日的Holesky Testnet，它也遇到了最終確定的技術問題。

閱讀更多：以太坊的pectra升級通行證審核，仍在啟動啟動