Ethereum devs battle exploit after Sepolia Pectra upgrade fails

By Kent Tenix - Senior Crypto Journalist

Ethereum's Sepolia testnet suffered unexpected issues following the Pectra upgrade on March 5. Developers saw error messages and empty blocks soon after activation. A hacker exploited an edge case in the ERC-20 contract, which led to continuous block production failures.

The developers had already run into problems while Pectra was being tested on the Holesky testnet on Feb. 26. The Sepolia update introduced a new issue. The team initially suspected it was caused by an invalid event being emitted by the deposit contract.

The contract, which was token-gated, triggered an ERC-20 transfer event instead of the expected deposit event. As a result, all Ethereum clients processed it incorrectly, causing invalid blocks and leading to empty block mining.

Ethereum devs deployed a temporary fix to restore blocks

Felix of the go-ethereum team provided a quick temporary patch. The strategy was to roll the update out in a synchronized manner to prevent chain splits. By 14:00 UTC, the update had been applied to all the nodes, and block production was back to normal.

The attacker, however, made use of the ERC-20 standard’s provision for zero-token transfers during this period. This triggered the same problem again, and empty blocks reappeared. To counter this, the developers silently filtered out transactions that interacted with the deposit contract.
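The failure mode described above, as an added example that is not code from the article or from any Ethereum client: a log parser that assumes every log from the deposit contract is a deposit fails on a zero-value Transfer log, while one that checks the event signature (topic0) skips it. The topic hashes, contract address and the flat 192-byte deposit layout are constructed stand-ins, and the idea that the clients' parsing followed this pattern is an assumption.

```python
from dataclasses import dataclass

# Constructed stand-ins, NOT the real event signature hashes or contract address.
TOPIC_DEPOSIT = "0x" + "aa" * 32
TOPIC_TRANSFER = "0x" + "bb" * 32
DEPOSIT_CONTRACT = "0x" + "11" * 20
# Simplified flat layout (assumption): pubkey 48 | credentials 32 |
# amount 8 (LE) | signature 96 | index 8 (LE)
DEPOSIT_LEN = 48 + 32 + 8 + 96 + 8

@dataclass
class Log:
    address: str
    topics: list
    data: bytes

def decode_deposit(data: bytes) -> dict:
    if len(data) != DEPOSIT_LEN:
        raise ValueError(f"not a deposit payload: {len(data)} bytes")
    return {"pubkey": data[:48],
            "amount_gwei": int.from_bytes(data[80:88], "little"),
            "index": int.from_bytes(data[184:192], "little")}

def deposits_naive(logs):
    # Before: any log emitted by the deposit contract is treated as a deposit.
    return [decode_deposit(l.data) for l in logs if l.address == DEPOSIT_CONTRACT]

def deposits_filtered(logs):
    # After: only logs whose topic0 is the deposit event signature are decoded.
    out = []
    for l in logs:
        if l.address != DEPOSIT_CONTRACT:
            continue
        if not l.topics or l.topics[0] != TOPIC_DEPOSIT:
            continue  # e.g. an ERC-20 Transfer from a token-gated contract
        out.append(decode_deposit(l.data))  # malformed deposits still raise
    return out

def sample_block_logs():
    # Constructed logs: one deposit, one zero-token Transfer from the same address.
    deposit = (bytes(48) + bytes(32) + (32_000_000_000).to_bytes(8, "little")
               + bytes(96) + (7).to_bytes(8, "little"))
    zero_transfer = (0).to_bytes(32, "big")  # Transfer value word = 0
    zero = "0x" + "00" * 32
    return [Log(DEPOSIT_CONTRACT, [TOPIC_DEPOSIT], deposit),
            Log(DEPOSIT_CONTRACT, [TOPIC_TRANSFER, zero, zero], zero_transfer)]

if __name__ == "__main__":
    print(deposits_filtered(sample_block_logs()))
```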

Believing the attacker was eavesdropping, they patched only a limited portion of the nodes. These patched nodes resumed producing blocks normally. All Sepolia nodes synchronized on the final fix at 14:00 UTC, which resolved the issue.

The attacker’s transaction was mined, which confirmed that the update was live across the network. Sepolia never fell behind on finalization despite the interruption, and the problem was isolated from Ethereum’s mainnet.

Kent brings extensive experience in finance and the digital asset space, backed by a strong foundation in Computer Science following her arts degree. She is an expert at crafting compelling financial narratives using data-driven analysis. Her insightful coverage of crypto news, Web3, and digital asset development keeps readers engaged and well-informed. You can reach out to Kent at kent.tenix@btcread.com.