Bitcoin Inscriptions Flagged as Cybersecurity Risk by US National Vulnerability Database

Bitcoin Network Vulnerability Raises Concerns

The National Vulnerability Database (NVD) has recently classified Bitcoin's inscriptions as a cybersecurity risk. This highlights a security flaw that led to the development of the Ordinals Protocol in 2022.

According to the NVD records, certain versions of Bitcoin Core and Bitcoin Knots have a datacarrier limit that can be bypassed by disguising data as code. The database document states that this vulnerability was exploited by Inscriptions in 2022 and 2023.

When a vulnerability is added to the NVD's list, it means that it has been identified, categorized, and considered important for public awareness. The NVD is managed by the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce.

Potential Impact on Bitcoin's Network

The vulnerability in Bitcoin's network is currently being analyzed. One potential consequence is the potential influx of non-transactional data spamming the blockchain, which could lead to increased network size, reduced performance, and higher fees.

Bitcoin Core developer Luke Dashjr's recent post on X (formerly Twitter) is featured on the NVD's website as an informative resource. Dashjr claims that inscriptions exploit a vulnerability in Bitcoin Core, resulting in network spam. Users in the discussion described it as receiving junk mail that slows down the process of finding important messages.

Relevance to Ordinals

Inscriptions involve adding additional data to a specific unit of Bitcoin called a satoshi. This data can be in various digital forms such as images, text, or other media. Each time data is added to a satoshi, it becomes a permanent part of the Bitcoin blockchain.

While data embedding has been a part of the Bitcoin protocol for some time, its popularity increased with the introduction of Ordinals in late 2022. This protocol allows for the direct embedding of unique digital art into Bitcoin transactions, similar to how nonfungible tokens (NFTs) operate on the Ethereum network.

The high volume of Ordinals transactions caused congestion on the Bitcoin network multiple times in 2023. This led to increased competition for transaction confirmations, resulting in higher fees and slower processing times.

If the vulnerability is patched, it could potentially restrict Ordinals inscriptions on the network. When asked if Ordinals and BRC-20 tokens would no longer exist if the vulnerability was fixed, Dashjr confirmed that they would cease to exist. However, existing inscriptions would remain intact due to the immutability of the network.