Research · Tag · Validator Security

Posts tagged validator security.

9 entries · sorted: recency← All research
NRDAX
2026-07-13

NRDAX: browsable by chain and family, readable by machines

NRDAX now holds 623 techniques across 64 chains, 162 reproduced with bundles. New per-chain and per-family landing pages, a pretty Atom feed, JSON and STIX 2.1 and knowledge-pack distributions surfaced for machines, and a fix for the first_seen date bug.

Simon Morley
Read →2 min read
NRDAX
2026-07-11

NRDAX now includes known-but-not-reproduced techniques

NRDAX v0.1-import now contains 368 techniques across 21 chains: 140 with reproduced instances and bundles, and 228 known from public disclosures (CVEs, GHSAs, vendor advisories) but not yet reproduced in the lab. A CVE maps to its technique even when no bundle exists yet.

Simon Morley
Read →1 min read
NRDAX
2026-07-09

NRDAX: the canonical technique registry for decentralized infrastructure attacks

We have published NRDAX, the NullRabbit Decentralised Attack indeX, at nrdax.com. It is the reference registry for attack techniques against decentralized infrastructure: 135 chain-agnostic techniques, grouped into mechanism families, with a coverage matrix across 21 chains.

Simon Morley
Read →1 min read
SECURITY-RESEARCH
2026-07-07

Eighteen advisories, ten node implementations, one attack class

Since NR-2026-001, eighteen advisories across ten independent node implementations. Not unrelated bugs: one recurring attack class, unauthenticated ingress surfaces where a cheap request forces disproportionate cost. Egress and memory amplification, pre-auth CPU exhaustion, connection exhaustion, and crashes.

Simon Morley
Read →1 min read
VALIDATOR-SECURITY
2026-06-08

How close can an attacker get to your validator? We built a tool to find out

Most validator threat models assume an attacker can't co-locate with your node. We built a tool to measure the real number. It walked a cloud instance from 90ms to 40 microseconds for under a cent.

Simon Morley
Read →2 min read
SECURITY-RESEARCH
2026-06-02

Anyone can knock a validator over once. The skill is designing an attack you can learn from

Making a node fall over is easy and proves nothing. The craft is building a reproducer that isolates the mechanism, measures it against an honest baseline, bounds the cost, and runs on one command, so the number actually means something.

Simon Morley
Read →3 min read
VALIDATOR-SECURITY
2026-05-21

Expensive work before authentication: the RPC pattern we keep finding

The DoS class that scales against validators isn't volumetric. It's small requests that cost the node real work before it authenticates the caller. The pattern we keep finding across clients, and the fix.

Simon Morley
Read →2 min read
VALIDATOR-SECURITY
2026-05-15

We're securing validators at the wrong layer

Blockchain security money goes to smart-contract audits. The validators those contracts run on are defended for volume and almost nothing else. The attacks that actually scale live at the transport and RPC layer, and they're a class, not a list.

Simon Morley
Read →3 min read
RESEARCH
2026-05-13

Open data for blockchain validator security: the first multi-modal dataset for infrastructure attacks

We've published nr-bundles-public on Hugging Face: the first open, multi-modal dataset for blockchain validator security. 31 schema-pinned observations across Sui and Solana, seven attack families, CC-BY-4.0. Open bundle format, open ten-family taxonomy, closed corpus. The substrate for cross-chain ML detection of infrastructure attacks.

Simon
Read →7 min read