The United States National Vulnerability Database (NVD) has raised alarm bells over Ordinals and BRC-20 tokens, linking them to a “vulnerability” in the Bitcoin code.
NIST National Vulnerability Database and Ordinals
According to the NVD notice, BRC-20 tokens exploit vulnerabilities in “certain versions of Bitcoin Core and Bitcoin Knots”, allowing them to bypass established size restrictions on additional information, known as “inscriptions.”
The Ordinals protocol, as discussed by Bitcoin Core developer Luke Dashjr, facilitates the obfuscation of data by disguising it as code within BRC-20 tokens. NVD features a recent post by the developer on X, highlighting the impact of these inscriptions. He stated:
“Inscriptions are exploiting a vulnerability in Bitcoin Core to spam the blockchain. Bitcoin Core has, since 2013, allowed users to set a limit on the size of extra data in transactions they relay or mine. By obfuscating their data as program code, Inscriptions bypass this limit.”
Notably, some have described inscriptions as akin to receiving junk mail that users must sift through daily, ultimately slowing down the network.
The NVD has categorized inscriptions using the Ordinals protocol as a significant cybersecurity threat to the Bitcoin network. While currently at the analysis stage, the identification in the NVD database implies high public awareness of the vulnerability.
The agency emphasized that the BRC-20 tokens have already caused substantial congestion in the Bitcoin network, negatively affecting blockchain performance and leading to increased transaction fees.
BRC-20 and Ordinals Protocol
BRC-20, an experimental token standard on the BTC network, utilizes JavaScript Object Notation (JSON) data to “label” satoshis, the smallest unit of Bitcoin. The BRC-20 token standard gained traction amid the community’s enthusiasm for the Ordinals protocol, launched in early 2023.
The Ordinals protocol marked a notable increase in data embedding within the Bitcoin blockchain. It allows small images and animations and all sorts of data to be directly embedded into Bitcoin transactions, resembling the operation of NFTs on other networks.
The surge in excitement surrounding Ordinals led to multiple prolonged instances of overload on the Bitcoin blockchain this year. This resulted in increased competition to confirm transactions and a subsequent rise in fees, with the average transaction value reaching $14–$16.
The identified “vulnerability”, if patched, has the potential to restrict Ordinals inscriptions on the network. Dashjr confirmed that if the bug was to be fixed, Ordinals and BRC-20 tokens would cease to be viable. However, existing inscriptions would remain intact due to the immutability of the network, underscoring the importance of addressing the issue promptly to ensure the security and efficiency of the Bitcoin network.
Related reading: