Research · June 2, 2026

Anyone can knock a validator over once. The skill is designing an attack you can learn from

Simon Morley · 3 min read

Making a validator fall over is easy. Point enough traffic at almost anything and a graph goes red, and you can screenshot it and call it a finding. It proves nothing. The number could be the attack, or your noisy neighbour, or the box's own configured baseline. We've fooled ourselves with exactly that kind of screenshot and had to retract it.

The actual skill, the part that took us longest to get right, is designing an attack you can learn something from. That comes down to a few disciplines.

We build reproducers for shapes, not for targets. We're not trying to break one chain. We're trying to isolate a portable mechanism, such as expensive crypto before the allowlist check or attacker-controlled work on a synchronous executor, in a form clean enough that we can carry it to the next client and see whether the same shape lands. A bug is a story about one codebase. A shape is a story about an assumption, and assumptions travel.

Everything runs on our own isolated infrastructure. This is method, not caution. You cannot get a baseline you trust on a system you don't control, and you cannot iterate at any speed on someone else's box. A clean room is how you hold every variable still except the one you're testing. It is also the only honest way to do this work, but the reason it's in our process is that it's the only way the resulting number is worth anything.

The baseline comes from the system's own configuration, never an adjacent system's defaults. That single mistake, comparing a lab cluster's slot rate against an assumed mainnet pace, is what produced the finding we had to pull. Now the baseline is measured from the target's own genesis config before the attack runs, and the claim is the delta against that, nothing else.

We run a control arm. Defended, undefended, and present-but-disabled, side by side, under the identical attack, so the result is causal and not asserted. If the disabled node degrades like the undefended one, we know the recovery we're claiming is real and not the environment being kind.
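The two disciplines above, a baseline read from the target's own config and a three-arm control, are easy to state and easy to get wrong in a harness. The following is an added example, not NullRabbit's tooling: it derives the expected slot rate from a constructed genesis config, measures an undefended, a present-but-disabled and a defended arm against that same baseline, and only reports a recovery when the disabled arm degrades like the undefended one. It also shows how scoring the quiet lab node against an assumed mainnet pace manufactures a two-thirds "degradation" with no attack running at all. The genesis field names, slot timings, arm names and thresholds are all assumptions for illustration.

```python
"""Added example, not NullRabbit's code: a measurement harness that takes
its baseline from the target's own genesis config and judges a defence
with a three-arm control. Every value below (genesis fields, slot timings,
arm names, thresholds) is constructed for illustration."""

from dataclasses import dataclass
from statistics import median

# Constructed genesis for the lab target. Real chains name these fields
# differently; the names are assumptions for the example.
LAB_GENESIS = {"slot_duration_ms": 1200, "slots_per_epoch": 432}

# The adjacent-system default the post warns against: a pace assumed from
# some other network, kept here only to show how it manufactures a finding.
ASSUMED_MAINNET_SLOT_MS = 400


def baseline_from_genesis(genesis: dict) -> float:
    """Expected slots per second, read from the target's own config."""
    return 1000.0 / genesis["slot_duration_ms"]


def timestamps_from_gaps(gaps_ms: list[int]) -> list[int]:
    """Constructed slot timestamps built from a list of inter-slot gaps."""
    out, t = [0], 0
    for g in gaps_ms:
        t += g
        out.append(t)
    return out


def observed_slot_rate(slot_timestamps_ms: list[int]) -> float:
    """Slots per second from observed slot timestamps. Median of the gaps,
    so one stalled slot does not dominate the estimate."""
    gaps = [b - a for a, b in zip(slot_timestamps_ms, slot_timestamps_ms[1:])]
    return 1000.0 / median(gaps)


def degradation(observed_rate: float, baseline_rate: float) -> float:
    """Fraction of baseline throughput lost: 0.0 is no effect, 1.0 is stalled."""
    return max(0.0, 1.0 - observed_rate / baseline_rate)


@dataclass
class Arm:
    name: str
    rate: float
    degradation: float


def measure_arms(samples: dict[str, list[int]], baseline_rate: float) -> dict[str, Arm]:
    """Score every arm against the one baseline taken from the target itself."""
    arms = {}
    for name, ts in samples.items():
        rate = observed_slot_rate(ts)
        arms[name] = Arm(name, rate, degradation(rate, baseline_rate))
    return arms


def judge(arms: dict[str, Arm], min_effect=0.25, control_tolerance=0.10,
          min_recovery=0.5) -> str:
    """Causal reading of the three arms. The thresholds are assumptions."""
    und, dis, dfd = arms["undefended"], arms["disabled"], arms["defended"]
    if und.degradation < min_effect:
        return "no finding: attack did not move the undefended arm"
    # The control: a present-but-disabled defence must look like no defence.
    if abs(und.degradation - dis.degradation) > control_tolerance:
        return "no finding: disabled arm diverges from undefended, environment not held still"
    recovered = (und.degradation - dfd.degradation) / und.degradation
    if recovered < min_recovery:
        return "no finding: defence does not recover enough of the loss"
    return f"causal recovery: defence removes {recovered:.0%} of the degradation"


def demo() -> dict:
    """Constructed campaign: three arms under the same attack, plus the
    quiet lab node scored two ways to show the retracted-finding mistake."""
    baseline = baseline_from_genesis(LAB_GENESIS)  # 0.8333 slots/s
    samples = {
        "undefended": timestamps_from_gaps([4800] * 9 + [9000]),  # one stall outlier
        "disabled": timestamps_from_gaps([4500] * 10),
        "defended": timestamps_from_gaps([1250] * 10),
    }
    arms = measure_arms(samples, baseline)
    quiet = observed_slot_rate(timestamps_from_gaps([1200] * 10))  # no attack running
    return {
        "verdict": judge(arms),
        "honest_quiet_degradation": degradation(quiet, baseline),
        "false_quiet_degradation": degradation(quiet, 1000.0 / ASSUMED_MAINNET_SLOT_MS),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The "false_quiet_degradation" line is the retracted finding in miniature: the same unattacked node, scored against a pace it was never configured for, reads as two-thirds degraded. Against its own genesis it reads as zero, and only the three-arm comparison on top of that zero says anything about the defence.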

We bound the cost and report it. An entire cross-chain measurement campaign cost us about the price of a coffee; the proximity tool converged for under a cent. Cheap isn't a brag. It's evidence the mechanism is genuinely accessible to a real adversary and not an artefact that needs a supercomputer to provoke.

And we scope to the floor we proved, not the ceiling we fear. We keep the wire-shape label because the packets are real, and we strip every impact claim we didn't actually demonstrate, programmatically, so we can't leave one in by accident.

If we can't hand you one command that reproduces the whole thing and tears itself down, we haven't measured an attack. We've told an anecdote. The design is what turns the anecdote into something you can act on.

Simon Morley researches validator infrastructure security and is the founder of NullRabbit. About / contact.

Tags: security-research, methodology, validator-security, reproducibility, attack-design
