Posts tagged security research.

Making a node fall over is easy and proves nothing. The craft is building a reproducer that isolates the mechanism, measures it against an honest baseline, bounds the cost, and runs on one command, so the number actually means something.

We had a clean denial-of-service against consensus. Re-verification said the baseline was that low by config. No attack. So we pulled it. The discipline that catches our own mistakes is the reason our advisories are worth reading.