Eighteen advisories, ten node implementations, one attack class
Since NR-2026-001 we have published eighteen advisories across ten independent node implementations. They are not unrelated bugs. They are recurring attack classes targeting the same structural weakness: unauthenticated ingress surfaces where a cheap request forces disproportionate cost.
Egress amplification
Short request, massive response. IOTA multiGetObjects: 41,636x. Aptos accounts/modules: ~10,000x. rippled batch: 25-32x.
Memory amplification
IOTA gRPC streams: 472 MB to 7.6 GB in seconds. Cardano submit-api: 444 MB persistent from a 500 MB POST. Sui wide-filter subscriptions: persistent pins until restart.
Pre-auth CPU exhaustion
Bitcoin Core BIP-324 handshake: 55-256x latency inflation. CometBFT SecretConnection: three cores at 56k probes/sec.
Connection exhaustion and crashes
IOTA gRPC subscriber-slot exhaustion. Cosmos-SDK gRPC: no MaxConcurrentStreams limit. reth transaction decode: unbounded Vec, fixed upstream (PR #23718). Agave snapshot bootstrap panic via oversized AppendVec data_len, before the hash gate.
One taxonomy
The mechanism is chain-agnostic. The taxonomy and public corpus (NullRabbit/nr-bundles-public) catalogue by class, not chain.
All measured on instrumented infrastructure. Full details and reproducers in the individual advisories.
Related Posts
NRDAX: browsable by chain and family, readable by machines
NRDAX now holds 623 techniques across 64 chains, 162 reproduced with bundles. New per-chain and per-family landing pages, a pretty Atom feed, JSON and STIX 2.1 and knowledge-pack distributions surfaced for machines, and a fix for the first_seen date bug.
NRDAX now includes known-but-not-reproduced techniques
NRDAX v0.1-import now contains 368 techniques across 21 chains: 140 with reproduced instances and bundles, and 228 known from public disclosures (CVEs, GHSAs, vendor advisories) but not yet reproduced in the lab. A CVE maps to its technique even when no bundle exists yet.
NRDAX: the canonical technique registry for decentralized infrastructure attacks
We have published NRDAX, the NullRabbit Decentralised Attack indeX, at nrdax.com. It is the reference registry for attack techniques against decentralized infrastructure: 135 chain-agnostic techniques, grouped into mechanism families, with a coverage matrix across 21 chains.
