According to information from the US National Vulnerability Database (NVD), the recently hyped Bitcoin script has been reported as a cybersecurity vulnerability with the identifier CVE-2023-50428, and is currently awaiting analysis.
The report describes the vulnerability as follows: Being added to the NVD list means that a specific cybersecurity vulnerability has been identified, recorded, and considered important for public awareness. This database is managed by the National Institute of Standards and Technology (NIST) of the US Department of Commerce. Additionally, recent tweets from Bitcoin Core client developer Luke Dashjr on Twitter have been added as external resources in the report.
The script involves embedding additional data into specific satoshis (the smallest unit of Bitcoin). This data can be in any digital form, such as images, text, or other media formats. Each time data is added to a satoshi, it becomes a permanent part of the Bitcoin blockchain.
While data embedding has been present in the Bitcoin protocol for some time, it wasn’t until the emergence of the Ordinal protocol at the end of 2022 that the ability to embed unique digital art directly into Bitcoin transactions, similar to how non-fungible tokens (NFTs) operate on the Ethereum network, began to increase in popularity.
If this so-called “vulnerability” is patched, it may impose restrictions on scripts on the network. When asked if the vulnerability being fixed would make Ordinal and BRC-20 tokens “disappear”, Luke Dashjr responded with “yes”. However, due to the immutability of the network, existing scripts will still exist but will be unable to be traded.
As of the update on December 12th, according to the NVD’s updated information, Bitcoin scripts have been officially adopted by the NVD as a “vulnerability”, with a CVSS severity level rating of 5.3 indicating a moderate risk.