以太坊的pectra升级后推迟了Sepolia Testnet攻击

以太坊的pectra升级再次被推迟，因为一名未知的攻击者使用棕褐色测试网上的漏洞。

The Pectra upgrade for Ethereum has been postponed yet again following an attack on the Sepolia testnet by an unknown attacker who exploited a vulnerability to execute an interesting attack that resulted in the production of empty blocks.

一位未知的攻击者对塞波利亚测试网进行了攻击后，以太坊的pectra升级再次被推迟，该攻击者利用了一个脆弱性来执行有趣的攻击，从而导致了空块的产生。

The problem was first brought to the attention of the community by Ethereum developer Marius Van Der Wijden, who noticed that the issue had started sometime after Pectra went live on March 5. Developers saw error messages and sporadic empty block mining, originating from an irregular event in the deposit contract. Instead of triggering a deposit event, the contract mistakenly triggered a transfer event, which was causing issues.

以太坊开发商Marius van der Wijden首先引起了社区的注意，他注意到该问题在3月5日Pectra上线后的某个时候开始了。开发人员看到了错误的消息和零星的空街区开采，源自存款合同中的不规则事件。该合同没有触发存款事件，而是错误地触发了转移事件，这引起了问题。

The community began discussing potential causes and solutions, finally converging on a private fix that involved patching a limited number of DevOps nodes. The assumption was that the attacker was likely listening in on their communications, necessitating a stealthy method of deployment.

社区开始讨论潜在原因和解决方案，最终融合了一个私人修复程序，涉及修补有限数量的DevOps节点。假设是攻击者可能正在聆听他们的通信，需要一种隐秘的部署方法。

The goal was to solve fuller blocks in order to reach a point where deploying the fix would not leave any space for the attacker to continue the attack.

目的是解决填充块，以达到部署修复程序的地步，不会为攻击者继续攻击留出任何空间。

Geth attempted to address the issue by rejecting bad logs of the deposit contract but overlooked an edge case of the ERC-20 standard. The attacker targeted it by executing zero-token transfers, rendering block creation useless. The network kept producing empty blocks until developers coordinated and rolled out a private fix, resuming full block production.

格斯（Geth）试图通过拒绝存款合同的不良日志来解决这个问题，但忽略了ERC-20标准的边缘案例。攻击者通过执行零token转移而针对它，使创建块无用。该网络不断生产空块，直到开发人员协调并推出了一个私人修复程序，并恢复了完整的块生产。

The incident did not affect Ethereum’s mainnet, and the network sustained finalization. The difference between deposit contracts on the Ethereum mainnet and Sepolia testnet was the most significant reason for the success of the attack.

该事件不会影响以太坊的主网，并且网络持续完成。以太坊主网和棕褐色测试网的存款合同之间的差异是攻击成功的最重要原因。

After the attack was mitigated and the Pectra upgrade on Sepolia completed successfully, developers have decided to postpone the mainnet launch to allow more time for testing and debugging. This decision comes after a series of delays and testing phases.

减轻攻击并成功完成塞波利亚的Pectra升级后，开发人员已决定推迟主网发射，以便更多时间进行测试和调试。该决定是在一系列延迟和测试阶段之后进行的。

The Pectra upgrade introduces several changes to Ethereum, including new opcodes, testing for an edge case in the ERC-20 standard, and support for the AVM (Atomic Value Modules) standard. The upgrade is also designed to improve the efficiency and scalability of the Ethereum network.

Pectra升级引入了以太坊的几个更改，包括新的Opcodes，对ERC-20标准中的边缘情况进行测试以及对AVM（原子值模块）标准的支持。升级还旨在提高以太坊网络的效率和可扩展性。

As Pectra is set to bring several changes to the network, it is crucial that it is tested thoroughly to avoid any unforeseen issues. The Sepolia attack highlights the importance of vigilance and cooperation among developers in maintaining the security and stability of the blockchain ecosystem.

由于Pectra将为网络带来一些变化，因此对其进行彻底测试以避免任何不可预见的问题至关重要。 Sepolia攻击强调了开发商之间警惕和合作在维持区块链生态系统的安全性和稳定性方面的重要性。