Original - Odaily

Author-husband how

Today, cosine, the founder of the security company SlowMist, posted on the

The issue of inscriptions has been assigned a CVE number. This is a drain on the bottom of the pot and a clear-cut attitude towards characterization of the vulnerability. CVE numbers are nothing new. Many security teams/individuals can apply. We dont pay much attention to this thing... but maybe Bit Roles related to the currency ecology will value this, after all, the CVE number is one of the most well-known vulnerability proofs in the security industry.”

Although Yu Xian has repeatedly said that he also plays with (researches) inscriptions, I feel that inscriptions will have other ways out, and I hope to see better solutions. However, the inscription vulnerability has been officially stamped and certified still caused discussion in the encryption community. Some people do not recognize this NVD certification and say that decentralized Bitcoin should not be defined by centralized institutions.

(Screenshot of Cosine’s tweet)

Previously, Luke Dashjr, the developer of the Bitcoin Core client, said that Inscription was exploiting a vulnerability in the Bitcoin Core client to send spam information to the blockchain. The vulnerability has been assigned the identifier CVE-2023-50428. However, crypto investors did not buy it and believed that Luke Dashjr successfully applied for CVE due to his own bias and false reasons. This is a shameful use of public safety mechanisms.

(Screenshot of Luke Dashjr’s tweet)

For inscription holders, the core question is, does the adoption of NVD certification mean that the vulnerability needs to be fixed, thereby affecting the inscription market?

An anonymous security source told Odaily that vulnerability certification does not mean that it needs to be repaired. Whether it is repaired or not depends on how Bitcoin Core thinks and executes; however, this move does lead to the characterization that Bitcoin serial number inscription is a vulnerability Sound, after all, CVE/NVD has a long-term influence in the security industry or technology industry.

Another thing to know is that although vulnerability platforms such as CVE/NVD are very well-known, not all the numerous vulnerabilities recorded in history have been repaired or repaired in a timely manner. This kind of vulnerability controversy is not a special case encountered by Bitcoin, and it can be treated as normal. .

In addition, the security source said that although CVSS rated the vulnerability as a medium severity level of 5.3, it does not mean that it will threaten the security of the entire blockchain. CVSS is a very well-known vulnerability scoring standard in the industry and even the top standard. The highest score is 10 points. The level of 5.3 already speaks volumes. Medium risk, not high risk and not serious. If the medium risk vulnerability of Bitcoin is not repaired, it will not No matter how much impact it has or cannot see much impact in the short term, Bitcoin serial number inscriptions (including those BRC-20) are exploiting this vulnerability as long as they are being traded or active on the chain. In the eyes of Luke Dashjr, this brings Spam attacks. . Spam is rubbish, nothing more, but it is not rubbish. This topic is a matter of different opinions, so it is very controversial.

Cosine also expressed his opinion on social media: CVE vulnerabilities do not necessarily mean that they will or need to be fixed, especially those with low vulnerability scores, such as the 5.3-point medium-risk rating of the Bitcoin serial number vulnerability. Looking at the details, the final impact The score has many indicators, some of which are 0 points, and the impact indicator of lmpact is only 1.4 points. If this is the case, whether the final repair will really depend on Bitcoin Cores attitude, and whether it will be implemented after the repair. It depends on the miners’ attitude.”

(Inscription vulnerability score)

Currently, the encryption community is still debating the vulnerability of the inscription. The introduction of NVD adoption certification has undoubtedly once again intensified the conflict between the two parties. From a developers perspective, it is normal for vulnerabilities to occur in the system and be fixed, no matter how important the vulnerability is. But for the inscription ecology that exploits this vulnerability, especially the many stakeholders, this is undoubtedly destroying people and money.

Nowadays, inscriptions are bringing new narratives and vitality to the Bitcoin ecosystem. We hope that developers and ecological builders can negotiate and unify their opinions as soon as possible and find an optimal solution.