Bitcoin Core Vulnerability Exposes Risks in Datacarrier Limits: NVD Flags Security Concerns
The Discovery of the Vulnerability
The National Vulnerability Database (NVD), a comprehensive cybersecurity resource, recently flagged a significant security risk associated with Bitcoin Core and Bitcoin Knots. Specifically, the vulnerability, cataloged as CVE-2023-50428, affects versions of Bitcoin Core up to 26.0 and Bitcoin Knots before 25.1.knots20231115. This issue centers around the ability to bypass datacarrier size limits by disguising data as code, a method employed notably by the Inscriptions group in both 2022 and 2023.
Impact and Exploitation
This vulnerability has real-world implications for the Bitcoin network. By allowing the bypassing of datacarrier limits, the network could be inundated with non-transactional data. This spamming potential poses a risk of clogging the blockchain, which could, in turn, affect network performance and transaction fees. The concern is far from theoretical, having been actively exploited, as evidenced by the activities of the Ordinals inscriptions in recent years.
Ordinals and Network Congestion
The Ordinals Protocol, gaining traction in late 2022, plays a central role in this scenario. This protocol involves embedding additional data, ranging from images to text, onto a satoshi, Bitcoin's smallest unit. This process effectively turns each satoshi into a unique entity, similar in concept to non-fungible tokens (NFTs) on networks like Ethereum. However, the increased popularity of Ordinals transactions has led to heightened network congestion. This rise in traffic is responsible for increased transaction fees and slower processing times, presenting significant challenges for Bitcoin's network stability and efficiency.
Developer Response and Future Outlook
In response to these challenges, Bitcoin Core developer Luke Dashjr has been instrumental in addressing the vulnerability. He likens the problem to an influx of junk mail, disrupting essential communications within the Bitcoin network. Dashjr's efforts have contributed to the development of a patch in Bitcoin Knots v25.1. However, as of the upcoming v26 release, Bitcoin Core remains vulnerable. There is hope that this issue will be fully addressed in the v27 release scheduled for the following year. The resolution of this vulnerability is crucial, as it could potentially restrict future Ordinals inscriptions while preserving existing ones due to the immutable nature of the Bitcoin network.
Image source: Shutterstock