Last week, Bitcoin developer Luke Dashjr raised the alarm about a possible vulnerability in the network related to Bitcoin Ordinals that could lead to a code exploit. After Dashjr posted his findings on social media, his warnings were not taken seriously, as community members thought this was not a problem. However, the US government appears to be taking the vulnerability seriously and is adding it to its vulnerability database.
Dashjr finds vulnerability in Bitcoin network
Dashjr first raised the alarm about the bug in the Bitcoin network on December 6 via a post on X (formerly Twitter). As the developer explains, this bug is related to the BTC inscriptions that have gained popularity over the past year. This capability has helped developers create what could be called Bitcoin’s version of non-fungible tokens (NFTs).
Building on Ordinals’ mechanism, Dashjr explained that Inscriptions actually exploit a vulnerability in Bitcoin Core. Developers can disguise their data as program code, allowing them to bypass the preset limit on the size of additional data that can be included in BTC transactions.
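The mechanism described above can be checked for on the defender's side. The following Python sketch is an added example, not code from the article, from Dashjr or from Bitcoin Core: it scans a script for never-executed OP_FALSE OP_IF ... OP_ENDIF blocks (the pattern named in the CVE-2023-50428 description) and totals the data pushed inside them. The 83-byte limit, the function names and the sample script are assumptions constructed for illustration.

```python
OP_FALSE, OP_IF, OP_NOTIF, OP_ELSE, OP_ENDIF = 0x00, 0x63, 0x64, 0x67, 0x68
PUSHDATA_WIDTH = {0x4c: 1, 0x4d: 2, 0x4e: 4}  # OP_PUSHDATA1/2/4 length-field sizes
DATACARRIER_LIMIT = 83  # assumption: Bitcoin Core's default -datacarriersize at the time

def parse_script(script):
    """Yield (opcode, pushed_bytes_or_None); raise ValueError on a truncated push."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4b:                      # direct push of `op` bytes
            n = op
        elif op in PUSHDATA_WIDTH:               # length is stored little-endian
            w = PUSHDATA_WIDTH[op]
            if i + w > len(script):
                raise ValueError("truncated push length")
            n = int.from_bytes(script[i:i + w], "little")
            i += w
        else:                                    # non-push opcode (includes OP_FALSE)
            yield op, None
            continue
        if i + n > len(script):
            raise ValueError("truncated push data")
        yield op, script[i:i + n]
        i += n

def envelope_sizes(script):
    """Bytes pushed inside each OP_FALSE OP_IF ... OP_ENDIF block that never runs."""
    sizes, prev, depth, dead, total = [], None, 0, False, 0
    for op, data in parse_script(script):
        if depth == 0:
            if op == OP_IF and prev == OP_FALSE:
                depth, dead, total = 1, True, 0
        elif op in (OP_IF, OP_NOTIF):
            depth += 1                           # nested conditional inside the block
        elif op == OP_ELSE and depth == 1:
            dead = False                         # the else-branch does execute
        elif op == OP_ENDIF:
            depth -= 1
            if depth == 0:
                sizes.append(total)
        elif dead and data is not None:
            total += len(data)
        prev = op
    return sizes

def over_limit(script, limit=DATACARRIER_LIMIT):
    """Envelope sizes that exceed the data-carrier limit."""
    return [s for s in envelope_sizes(script) if s > limit]

# Constructed sample: key check, then an envelope with a 3-byte tag and 200 bytes of data.
SAMPLE = (bytes([32]) + b"\x02" * 32 + b"\xac" + bytes([OP_FALSE, OP_IF])
          + bytes([3]) + b"tag" + bytes([0x4c, 200]) + b"A" * 200 + bytes([OP_ENDIF]))
```

For the constructed sample, `over_limit(SAMPLE)` reports one envelope of 203 bytes, while a script whose `OP_IF` is not preceded by `OP_FALSE` reports none.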
Dashjr explained that he was working on solving this problem. However, the vulnerability remains because developers can still make inscriptions on the network. Although it has been fixed in “Bitcoin Knots v25.1,” the developer explains that the vulnerability is still present “in the upcoming version of v26.” As for when the vulnerability can be fully fixed, Dashjr said he hopes this will happen sometime in 2024.
As Bitcoinist reported, not everyone in the community agreed that this was in fact a vulnerability. Some feared that if the ‘vulnerability’ was eventually fixed, Ordinals and BRC-20 tokens would disappear, to which Dashjr responded in the affirmative.
BTC price falls below $42,000 | Source: BTCUSD on Tradingview.com
NIST adds BTC bug to vulnerability list
Although the Bitcoin community did not take the vulnerability warning seriously, the US government has taken a more proactive approach. The National Vulnerability Database, which falls under the National Institute of Standards and Technology (NIST), a government agency, has added the vulnerability to its list under ‘Common Vulnerabilities and Exposures’.
The agency assigned the vulnerability the code CVE-2023-50428 after determining that it could be a potential risk to the network, especially when it comes to security or integrity. This means that the agency believes this could lead to an exploit in the Bitcoin network.
The existence of Ordinals and BRC-20 tokens has been identified as one of the ways this vulnerability is already being exploited. Naturally, the agency is trying to prevent the vulnerability from being exploited in other ways that could cause harm to its users.