Monday, 4 March 2024

Crypto News

Bitcoin dev denies adding inscriptions to National Vulnerability Database

Bitcoin dev denies adding inscriptions to National Vulnerability Database

Bitcoin core developer Luke Dashjr has denied playing any part in adding Bitcoin inscriptions as a cybersecurity risk on the United States National Vulnerability Database’s (NVD) Common Vulnerabilities and Exposure (CVE) list. 

Dashjr courted controversy in a Dec. 6 post to X (formerly Twitter) claiming that Inscriptions — used by the Ordinals Protocol Ordinals and BRC-20 creators to embed data on satoshis — exploit a Bitcoin Core vulnerability to “spam the blockchain.”

Some observers then pointed to Dashjr days later, when Bitcoin inscriptions appeared on the U.S. vulnerability database as part of the CVE list on Dec. 9, which described it as a security flaw that enabled the development of the Ordinals Protocol in 2022.

However, despite being an outspoken Bitcoin Ordinals critic, Dashjr told Cointelegraph that he had no role in adding inscriptions to the vulnerability database’s CVE list.

Interestingly, the CVE list is designed so that any developer can lodge a vulnerability and is typically listed as long as the CVE Assignment Team deems it important for public awareness.

Inscriptions get a vulnerability score and it’s not too bad

On Dec. 11 the NVD updated the listing by assigning Inscriptions a base severity score of “5.3 Medium.”

According to data from software firm Atlassian, a medium score refers to a vulnerability where exploitation provides “very limited” access to a network or denial of service attacks that are quite difficult to execute.

The CVE List has assigned a 5.3 Medium score to the Inscriptions listing. Source: NVD

Related: Bitcoin Ordinals could be stopped if blockchain bug is patched, claims dev

Dashjr said that a major factor in the CVE lists’ 5.3 score was due to the vulnerability having a low availability impact on the Bitcoin network, but argued the score could be understating its potential long-term impact.

“I think this [score] may understate the impact, failing to consider the long-term effects of blockchain bloat. If they had classified the availability impact as “High”, the CVSS base score would be 7.5,” he said.

The debate around the nature of Bitcoin inscriptions continues to…

Click Here to Read the Full Original Article at News…