NRDAX
Submit

← registry

NRDAX-T0326 - Unbounded Peer-Slot Sybil

gossip_abuse · active · first seen 2026-07-09

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

Sybil (SlowMist Blockchain Common Vulnerability List): a flood of full RLPx+eth-handshake peers each with a DISTINCT node identity occupies the target's inbound peer slots and biases peer selection (e

instances (2)

chainprimitivefidelityoriginreproducer (bundle)source
bitcoin sybil_peer_identity_flood lab reverse-engineered-cve sybil_peer_identity_flood github.com ↗
ethereum geth_sybil_identity_flood lab reverse-engineered-cve geth_sybil_identity_flood github.com ↗

references

vendor-advisory: SLOWMIST-SYBIL

related (gossip_abuse)

cite

https://nrdax.com/techniques/NRDAX-T0326

plain

NRDAX Registry. Technique NRDAX-T0326.

bibtex
@misc{nrdax_NRDAX_T0326,
  title = {Unbounded Peer-Slot Sybil (NRDAX-T0326)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0326},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0326",
  "type": "dataset",
  "title": "Unbounded Peer-Slot Sybil (NRDAX-T0326)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0326",
  "publisher": "NRDAX Registry"
}