News

Bitcoin dev denies adding inscriptions to National Vulnerability Database

Bitcoin dev denies adding inscriptions to National Vulnerability Database


Bitcoin core developer Luke Dashjr has denied playing any part in adding Bitcoin inscriptions as a cybersecurity risk on the United States National Vulnerability Database’s (NVD) Common Vulnerabilities and Exposure (CVE) list. 

Dashjr courted controversy in a Dec. 6 post to X (formerly Twitter) claiming that Inscriptions — used by the Ordinals Protocol Ordinals and BRC-20 creators to embed data on satoshis — exploit a Bitcoin Core vulnerability to “spam the blockchain.”

PSA: “Inscriptions” are exploiting a vulnerability in #Bitcoin Core to spam the blockchain. Bitcoin Core has, since 2013, allowed users to set a limit on the size of extra data in transactions they relay or mine (`-datacarriersize`). By obfuscating their data as program code,…

— Luke Dashjr (@LukeDashjr) December 6, 2023

Some observers then pointed to Dashjr days later, when Bitcoin inscriptions appeared on the U.S. vulnerability database as part of the CVE list on Dec. 9, which described it as a security flaw that enabled the development of the Ordinals Protocol in 2022.

However, despite being an outspoken Bitcoin Ordinals critic, Dashjr told Cointelegraph that he had no role in adding inscriptions to the vulnerability database’s CVE list.

Interestingly, the CVE list is designed so that any developer can lodge a vulnerability and is typically listed as long as the CVE Assignment Team deems it important for public awareness.

Inscriptions get a vulnerability score and it’s not too bad

On Dec. 11 the NVD updated the listing by assigning Inscriptions a base severity score of “5.3 Medium.”

According to data from software firm Atlassian, a medium score refers to a vulnerability where exploitation provides “very limited” access to a network or denial of service attacks that are quite difficult to execute.

The CVE List has assigned a 5.3 Medium score to the Inscriptions listing. Source: NVD

Related: Bitcoin Ordinals could be stopped if blockchain bug is patched, claims dev

Dashjr said that a major factor in the CVE lists’ 5.3 score was due to the vulnerability having a low availability impact on the Bitcoin network, but argued the score could be understating its potential long-term impact.

“I think this [score] may understate the impact, failing to consider the long-term effects of blockchain bloat. If they had classified the availability impact as “High”, the CVSS base score would be 7.5,” he said.

The debate around the nature of Bitcoin inscriptions continues to rage across social media. While many Bitcoiners claim that inscriptions are “spamming the network,” Ordinals advocates such as Taproot Wizards co-founder Udi Wertheimer say Ordinals are crucial to the next major wave of adoption and revenue generation for the Bitcoin network.

ordinals are a bug pic.twitter.com/vU0CXgD9wY

— Udi Wertheimer (@udiWertheimer) December 12, 2023

The Bitcoin network has seen increased congestion over the past few months due to a wider craze for Ordinals nonfungible token (NFT) inscriptions and BRC-20 token minting.

According to mempool.space, there are more than 275,000 unconfirmed transactions, and average medium-priority transaction costs have increased to around $14 from roughly $1.50. If the so-called Inscriptions bug is patched, it could potentially restrict future Ordinals inscriptions on the network.

Magazine: Lawmakers’ fear and doubt drives proposed crypto regulations in US





Source: https://cointelegraph.com/news/bitcoin-developer-luke-dashjr-denies-adding-inscriptions-nvd-vulnerability-score

Leave a Reply

Your email address will not be published. Required fields are marked *