Bitcoin Core vulnerability exposes risk to data carrier limits: NVD points out security issues
Vulnerability discovered
The National Vulnerability Database (NVD), a comprehensive cybersecurity resource, recently flagged serious security risks associated with Bitcoin Core and Bitcoin Knots. The vulnerability, tracked as CVE-2023-50428, affects Bitcoin Core up to 26.0 and Bitcoin Knots versions prior to 25.1.knots20231115. The issue is that data carrier size limits can be circumvented by disguising data as code. This is the method adopted by the Inscriptions group, especially in 2022 and 2023.
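As an added illustration (not code from Bitcoin Core, Bitcoin Knots or the original article), the following Python sketch shows how a node operator or analyst could measure data hidden as code in a script. It assumes the `OP_FALSE OP_IF ... OP_ENDIF` wrapper named in the NVD description of CVE-2023-50428 and an 83-byte limit, the default `-datacarriersize` at the time; the sample scripts are constructed.

```python
# Added example: measure data hidden in a never-executed OP_FALSE OP_IF ... OP_ENDIF branch.
OP_FALSE, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x00, 0x4C, 0x4D, 0x4E
OP_IF, OP_ENDIF, OP_CHECKSIG = 0x63, 0x68, 0xAC
# Assumption: 83 bytes, the default -datacarriersize for OP_RETURN outputs at the time.
DATACARRIER_LIMIT = 83


def parse_script(script: bytes):
    """Yield (opcode, pushed_data) pairs; raise ValueError on a truncated push."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        size = 0
        if 0x01 <= op <= 0x4B:  # direct push of `op` bytes
            size = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        if i + size > len(script):
            raise ValueError("truncated push data")
        yield op, script[i:i + size]
        i += size


def envelope_payload_size(script: bytes) -> int:
    """Sum the bytes pushed inside OP_FALSE OP_IF ... OP_ENDIF (nested IFs not tracked)."""
    ops = list(parse_script(script))
    total, i = 0, 0
    while i + 1 < len(ops):
        if ops[i][0] == OP_FALSE and ops[i + 1][0] == OP_IF:
            i += 2
            while i < len(ops) and ops[i][0] != OP_ENDIF:
                total += len(ops[i][1])
                i += 1
        i += 1
    return total


def exceeds_datacarrier_limit(script: bytes) -> bool:
    """True when the hidden payload is larger than the data carrier limit."""
    return envelope_payload_size(script) > DATACARRIER_LIMIT


# Constructed samples: a 32-byte key push plus OP_CHECKSIG, without and with a 300-byte envelope.
PLAIN = bytes([32]) + b"\x02" * 32 + bytes([OP_CHECKSIG])
WRAPPED = (PLAIN + bytes([OP_FALSE, OP_IF, OP_PUSHDATA2]) + (300).to_bytes(2, "little")
           + b"A" * 300 + bytes([OP_ENDIF]))
```

The wrapped sample carries 300 bytes that the script interpreter never executes, which is well past the 83-byte limit that the same data would face in an `OP_RETURN` output.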
Impact and Abuse
This vulnerability has real-world implications for the Bitcoin network. By allowing data carrier limitations to be bypassed, the network can be flooded with non-transactional data. There is a risk of the blockchain being clogged by this spam, which may ultimately affect network performance and transaction fees. These concerns are far from theoretical: the weakness has been actively exploited in recent years, as evidenced by Ordinals inscriptions.
Ordinals and network congestion
The Ordinals Protocol, which gained attention in late 2022, plays a central role in this scenario. The protocol involves inserting additional data, from images to text, into a satoshi, the smallest unit of Bitcoin. This process effectively turns each satoshi into a unique entity, conceptually similar to a non-fungible token (NFT) on networks like Ethereum. However, as Ordinals trading grew in popularity, network congestion increased. The added traffic raises transaction fees, slows processing times, and creates serious problems for Bitcoin’s network stability and efficiency.
Developer response and future outlook
In response to these issues, Bitcoin Core developer Luke Dashjr played a key role in resolving the vulnerability. He likened the problem to an influx of junk mail that disrupts essential communications within the Bitcoin network. Dashjr’s efforts contributed to the development of a patch for Bitcoin Knots v25.1. However, as of the upcoming v26 release, Bitcoin Core is still vulnerable. The issue is expected to be fully resolved in the v27 release scheduled for next year. Addressing this vulnerability is critical, as the fix could limit future Ordinals inscriptions while existing inscriptions are preserved by the immutability of the Bitcoin network.