December 15, 2023

Bitcoin Ordinals-Related Bug Sparks Controversy, Makes its Way to U.S. National Vulnerability Database

A cautionary alert about a potential bug associated with Bitcoin ordinals spam has found its place in the U.S. National Vulnerability Database (NVD), a repository for cybersecurity threats maintained by the National Institute of Standards and Technology.

The U.S. National Vulnerability Database (NVD), recognized as a crucial repository for cybersecurity threats, now features information on an alleged bug linked to Bitcoin inscriptions.

Inscriptions, a crucial component of Bitcoin's Ordinals, facilitate the creation of digital collectibles akin to non-fungible tokens (NFTs). This functionality became possible with a key upgrade in January 2023, marking a notable evolution for Bitcoin.

The NVD plays a pivotal role in cybersecurity, especially for crypto enthusiasts concerned about the security of digital assets. Administered by the National Institute of Standards and Technology, the NVD meticulously documents software and hardware vulnerabilities, providing comprehensive details and severity ratings. Its integration with cybersecurity tools contributes to real-time threat assessment, a critical aspect for the dynamic blockchain and cryptocurrency industry.

The NVD entry directly references an earlier advisory from GitHub, indicating the potential to bypass Bitcoin's data carrier size by disguising data as code. The vulnerability is reported to have been exploited by Inscriptions in 2022 and 2023.

On the CVSS 3.x Severity and Metrics scale, the NVD classifies the issue as 5.3 or "medium" risk. A link to the official Bitcoin Wiki clarifies that while the issue is easy to exploit, it poses a denial-of-service (DoS) risk, suggesting that Bitcoin wallet balances are not directly threatened.

It's essential to note that the presence of the bug in the NVD doesn't imply official recognition by the U.S. government; rather, the NVD accepts reports from external users. The National Institute of Standards and Technology explicitly states that it does not endorse external links describing vulnerabilities.

Luke Dashjr's original complaint, cited by the NVD, emphasizes the exploitation of Bitcoin Core's vulnerability by inscriptions to spam the blockchain. Dashjr highlights that the vulnerability is labeled CVE-2023-50428, though its review status on the relevant GitHub page remains unconfirmed.

The bug, while semi-official, stirs controversy. Dashjr, a Bitcoin Core developer, has long opposed Ordinals and views fixing this vulnerability as an opportunity to eliminate Ordinals from Bitcoin entirely. His Bitcoin node, Bitcoin Knots, has addressed the issue, and his mining pool, Ocean, has reportedly ceased processing transactions related to the problem.

While Dashjr's efforts have garnered some community support, opposition within the Bitcoin community is evident. Some users express skepticism about the effectiveness of potential fixes, asserting that "inscriptions will never stop" regardless of future updates to the main Bitcoin client, Bitcoin Core.

Stay Connected
Join the conversation on 𝕏
Make a Difference
Support our content creators
and help us stay ad-free
BTC: bc1q6nt2u2u539kjgfn5hj8g9f8xk2hnwuudlrlnr9
Cryptocurrency news & learning platform
All Rights Reserved © 2024