NRDAX now includes known-but-not-reproduced techniques
NRDAX v0.1-import now contains 368 techniques across 21 chains.
- 140 techniques have reproduced instances with bundles.
- 228 techniques are known from public disclosures (CVEs, GHSAs, vendor advisories) but have not been reproduced in the lab.
Known, not just reproduced
Each technique is chain-agnostic and mechanism-defined. A CVE maps to its technique even if no bundle exists yet. Gaps are ranked by volume of real-world references.
The registry remains additive. Existing technique IDs are unchanged.
Explore at nrdax.com. The gaps are visible in the coverage matrix.
Related Posts
NRDAX: the canonical technique registry for decentralized infrastructure attacks
We have published NRDAX, the NullRabbit Decentralised Attack indeX, at nrdax.com. It is the reference registry for attack techniques against decentralized infrastructure: 135 chain-agnostic techniques, grouped into mechanism families, with a coverage matrix across 21 chains.
Eighteen advisories, ten node implementations, one attack class
Since NR-2026-001, eighteen advisories across ten independent node implementations. Not unrelated bugs: one recurring attack class, unauthenticated ingress surfaces where a cheap request forces disproportionate cost. Egress and memory amplification, pre-auth CPU exhaustion, connection exhaustion, and crashes.
Anyone can knock a validator over once. The skill is designing an attack you can learn from
Making a node fall over is easy and proves nothing. The craft is building a reproducer that isolates the mechanism, measures it against an honest baseline, bounds the cost, and runs on one command, so the number actually means something.
