On December 9, the National Vulnerability Database (NVD) marked Bitcoin's Inscription as a cybersecurity concern, shedding light on security vulnerabilities that contributed to the development of the Ordinals protocol in 2022.
The NVD highlighted certain versions of Bitcoin Core and Bitcoin Knots that enabled circumvention of data carrier restrictions by disguising data as code, a flaw exploited by Inscriptions in 2022 and 2023, according to database records.
Inclusion in the NVD list signifies the identification and documentation of a specific cybersecurity vulnerability deemed significant for public awareness. Managed by the National Institute of Standards and Technology (NIST) under the U.S. Department of Commerce, the database is currently analyzing Bitcoin's network vulnerabilities. The reported vulnerability could potentially flood the blockchain with substantial amounts of non-transactional data, leading to increased network size, performance degradation, and higher fees.
The NVD's reference includes a recent post by Bitcoin Core developer Luke Dashjr on X (formerly Twitter), who mentioned that Inscription exploited a Bitcoin Core vulnerability to spam the network. Discussions revealed users experiencing slowdowns in transaction processing due to the spam-like activity caused by Inscription.
Inscription involves embedding diverse data into a satoshi, the smallest unit of Bitcoin, making it a permanent part of the blockchain. While this data embedding has been part of the Bitcoin protocol for some time, its prominence grew with the emergence of Ordinals in late 2022. Ordinals allowed unique digital artwork to be embedded directly into Bitcoin transactions, resembling non-fungible tokens (NFTs) on the Ethereum network.
The Ordinals transactions in 2023 caused network congestion, resulting in heightened transaction confirmation competition, increased fees, and slower processing times. If patched, the bug may restrict ordinal inscriptions on the network, possibly altering the existence of Ordinals and BRC-20 tokens. However, existing inscriptions will remain unchanged due to the network's immutability.
