Bitcoin Inscription Added to US National Vulnerability Database

The National Vulnerability Database (NVD) labeled Bitcoin Inscription a cybersecurity risk on Dec. 9, calling attention to the security flaws that led to the development of the Ordinals protocol in 2022.

According to the database records, in some versions of Bitcoin Core and Bitcoin Knots, it is possible to bypass data carrier restrictions by masking the data as code. "As inscribed in the wild in 2022 and 2023," the document reads.

Being added to the NVD list means that a specific cybersecurity vulnerability has been identified, catalogued and deemed important for public awareness. The database is managed by the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce.

Bitcoin vulnerabilities are listed in the Common Vulnerabilities and Exposures (CVE) system. Source: CVE log.

Bitcoin’s network vulnerability is currently being analyzed. As a potential impact, it could cause a large amount of non-transaction data to flood the blockchain, potentially increasing the size of the network and adversely affecting performance and fees.

On the NVD’s website, a recent post by Bitcoin Core developer Luke Dashjr on X (formerly Twitter) is cited as an information resource. Dashjr claims that Inscription exploited a Bitcoin Core vulnerability to spam the network. “I imagine it’s like getting spam and having to sift through it every day to find your contacts. This slows down the process,” one user wrote in the discussion.

Why is it relevant to Ordinals?

Inscription consists of embedding additional data into a specific Satoshi (the smallest unit of Bitcoin). This data can be in any digital form, such as an image, text, or other form. Every time data is added to a Satoshi, it becomes a permanent part of the Bitcoin blockchain.

While data embedding has been part of the Bitcoin protocol for some time, its popularity has only increased with the advent of Ordinals in late 2022, which allows unique digital art to be embedded directly into Bitcoin transactions, similar to how non-fungible tokens (NFTs) run on the Ethereum network.

In 2023, Ordinals transaction volume clogged the Bitcoin network several times, leading to more competition to confirm transactions, which increased fees and slowed processing times.

If the bug is patched, it has the potential to restrict Ordinals inscriptions on the network. When asked if Ordinals and BRC-20 tokens “will no longer exist” if the vulnerability is fixed, Dashjr responded: “Correct.” However, due to the immutable nature of the network, existing inscriptions will remain unchanged.