NRDAX: the canonical technique registry for decentralized infrastructure attacks
We have published NRDAX (NullRabbit Decentralised Attack indeX) at nrdax.com.
NRDAX is the reference registry for attack techniques against decentralized infrastructure. Each entry is a chain-agnostic technique: an equivalence class of real primitives observed across node implementations, spanning consensus, P2P, RPC, mempool, and related surfaces. Every technique carries a permanent ID, a mechanism description, instances across chains, and reproducers.
Current state (v0.1-import)
- 135 techniques
- Grouped into mechanism families: compute_amp, connection_exhaustion, gossip_abuse, memory_amp, response_amp, and others
- Coverage matrix across 21 chains, with lab and production evidence
Built from the corpus
The registry is built from the same ground-truth corpus and taxonomy used in our advisories and detectors. It exists so the community has one citable, machine-readable place to reference how these systems are actually attacked at the infrastructure layer.
Link: nrdax.com
The corpus, taxonomy spec, and advisories remain the primary artifacts. NRDAX is the surfaced index over them.
This is the substrate.
Related Posts
NRDAX: browsable by chain and family, readable by machines
NRDAX now holds 623 techniques across 64 chains, 162 reproduced with bundles. New per-chain and per-family landing pages, a pretty Atom feed, JSON and STIX 2.1 and knowledge-pack distributions surfaced for machines, and a fix for the first_seen date bug.
NRDAX now includes known-but-not-reproduced techniques
NRDAX v0.1-import now contains 368 techniques across 21 chains: 140 with reproduced instances and bundles, and 228 known from public disclosures (CVEs, GHSAs, vendor advisories) but not yet reproduced in the lab. A CVE maps to its technique even when no bundle exists yet.
Eighteen advisories, ten node implementations, one attack class
Since NR-2026-001, eighteen advisories across ten independent node implementations. Not unrelated bugs: one recurring attack class, unauthenticated ingress surfaces where a cheap request forces disproportionate cost. Egress and memory amplification, pre-auth CPU exhaustion, connection exhaustion, and crashes.
