Crypto Dev Refuses to Add Inscriptions to National Vulnerability Database

Luke Dashjr, a Bitcoin core developer, has denied any involvement in including Bitcoin inscriptions as a cyber security risk on the U.S. National Vulnerability Database’s (NVD) Common Vulnerabilities and Exposures (CVE) list. Dashjr stirred up a debate in a Dec. 6 post on X (formerly Twitter) claiming that inscriptions, used by the Ordinals protocol and BRC-20 creators to embed data on satoshis, exploit a vulnerability in Bitcoin Core to “spam the blockchain”.

A few days later, some noticed that Bitcoin inscriptions had been added to the CVE list as part of the U.S. vulnerability database, which described it as a security flaw that enabled the development of the Ordinals protocol in 2022. Despite being a vocal critic of Bitcoin Ordinals, Dashjr told Cointelegraph that he had no involvement in adding inscriptions to the CVE list.

The CVE list is structured so that any developer can report a vulnerability. It is usually listed as long as the CVE Assignment Team deems it necessary for public knowledge.

Inscriptions get a vulnerability score, and it’s not too bad

On Dec. 11, the NVD updated the listing by assigning inscriptions a base severity score of “5.3 Medium.” According to data from software firm Atlassian, a medium score refers to a vulnerability where exploitation provides “very limited” access to a network or denial of service attacks that are quite difficult to execute.

Dashjr said that a major factor in the CVE lists’ 5.3 score was due to the vulnerability having a low availability impact on the Bitcoin network, but he argued the score could be understating its potential long-term effects, considering the web 3.0 crypto tokens list and the blockchain vs web 3.0.

The debate around the nature of Bitcoin inscriptions continues to rage across social media. While many Bitcoiners claim that inscriptions are “spamming the network,” advocates of Ordinals such as Taproot Wizards co-founder Udi Wertheimer say Ordinals are crucial to the next major wave of adoption and revenue generation for the Bitcoin network.

The Bitcoin network has seen increased congestion over the past few months due to a wider craze around Ordinals’ nonfungible token inscriptions and BRC-20 token minting. According to mempool.space, there are more than 275,000 unconfirmed transactions, and average medium-priority transaction costs have increased to around $14 from roughly $1.50. If the so-called inscriptions bug is patched, itcould potentially restrict future Ordinals inscriptions on the network.