Ordinals & Inscriptions: Improvement or Attack?
When I first heard about this project on Twitter not all that many days ago, my initial reaction was: “well, at least it’s within the consensus rules, and there’s nothing anyone can do about it anyway, so let them have their fun and it will go away when the fad dies”. I have seen this reaction quite a bit, so I don’t think I was the only one. However, after thinking about it for a short while—and really, it should have been obvious from the start—this is not a very logical response. Inscriptions are an exploitation of a vulnerability in Bitcoin Core, and an attack on the Bitcoin network. I wanted to go over all of the comments and criticisms I’ve seen floating around the past few days in this short post. But first: what are we even talking about?
Ordinals
If you’ve never heard of “ordinals” before, don’t worry: this is a newly coined word, made up by the developer and popularized on Bitcoin Twitter only recently. In a Bitcoin transaction, the number of satoshis in the inputs (less mining fees) equals the number of satoshis in the outputs. Satoshis are fungible, meaning that each satoshi is identical to every other satoshi. There is no protocol-level link between some particular satoshi in one of the inputs and any particular satoshi in one of the outputs. In fact, there is no concept of a particular satoshi at all. The metaphor is usually something like: a UTXO is a bar of gold. A transaction takes many UTXOs (bars of gold; inputs), melts them down, and then mints a new bar of gold for each of the outputs. This is a good metaphor, because we can see how it would be difficult to track atoms of gold from inputs to outputs. However, theoretically at least, it might be possible. With satoshis, it’s not even theoretically possible.
Ordinals are a way to fake non-fungibility of satoshis. So what does that mean? Non-fungibility, of course, is the opposite of fungibility. If satoshis were non-fungible, one satoshi could have some property that would distinguish it from other satoshis. Yet satoshis are fungible at the protocol level, so the only way to add non-fungibility is to fake it. Ordinals do this by assigning a number to each “virtual satoshi” in the block reward as they are mined. I say “virtual” because there are no individual satoshis in a UTXO, only a total amount of satoshis. For example, the very first block mined 50 bitcoin, or 5 billion satoshis. These “5 billion satoshis” are then numbered 0, 1, 2, …, and so on, up to 4,999,999,999. Keep in mind that this is a totally virtual, fake numbering system that does not exist within the Bitcoin protocol.
After assigning the numbers to each satoshi in a block reward, whenever a transaction spends those satoshis, the ordinals scheme lines up all of the inputs and outputs of a transaction and “conceptually maps” satoshis 1-to-1. For example, suppose we had the following transaction:
Input 1: 5 satoshis, starting from ordinal number 1,000
Input 2: 5 satoshis, starting from ordinal number 2,000
10 outputs of 1 satoshi each
In this case, the output satoshis would be numbered as follows:
Output 1: sat number 1,000
Output 2: sat number 1,001
Output 3: sat number 1,002
Output 4: sat number 1,003
Output 5: sat number 1,004
Output 6: sat number 2,000
Output 7: sat number 2,001
Output 8: sat number 2,002
Output 9: sat number 2,003
Output 10: sat number 2,004
Of course, this is nonsense. It makes no sense to say that “Output 8 came from the 3rd satoshi of Input 2”. Because inputs (less mining fees) always equals outputs, it is possible to do this “lining up” process for every transaction, but it does not contain any actual information regarding which satoshis went from where or to whom. To figure out the “ordinal number” of any “virtual satoshi”, start with any UTXO. Work backwards through all of the transaction history to line it up with previous outputs until you get to the coinbase in which it was mined. Add up all of the satoshis that had been mined until that point in time, and that’s the ordinal number. It’s a totally meaningless metric, although maybe some people would find it silly or fun, and that’s fine. But it is also an attack vector that many of us would not have predicted.
Inscriptions
Inscriptions are a trick for very easily storing arbitrary data on the blockchain. This data goes into a Bitcoin transaction (specifically, in the witness data, which I discuss below) by abusing basic programming logic, and it looks like this:
FALSE OP_IF <up to 400kB of arbitrary data here>
In Bitcoin Script, we read the operators backwards, so in a more common modern language this would look like:
if (false) {
// <400kB of arbitrary data here>
}
If that looks odd, it’s because it is. The inner statement will never execute. It will always be skipped, because the condition is simply hard-coded to always be false.
Of course, it has always been possible to put arbitrary data on the blockchain, but the Taproot upgrade removed some earlier limitations on transaction sizes that make it trivial to add up to 400kB of arbitrary data to a single transaction. Beyond 400kB, users would have to coordinate directly with miners for inclusion, since the vast majority of nodes on the Bitcoin network follow default relay policies and will not relay transactions over 400kB. In other words: a transaction over 400kB would have a hard time getting relayed around by random nodes until it reached a miner.
The idea then is that the transaction containing this arbitrary data can have its inputs and outputs “lined up” according to the ordinals method. The arbitrary data is said to be (by definition) “inscribed on” the first satoshi of the first output of the transaction. Since under the ordinals system, a “particular” satoshi can be moved around by lining up inputs and outputs in future transactions, and since under the inscriptions system, a chunk of data is defined as “inscribed” to a “particular” satoshi, users of the system would like to treat the inscribed satoshis as NFTs. They would like to pretend that the inscription on a “particular” satoshi is real, and that the ordinal numbers mean something. While this may be a fun thing to think about as a thought experiment, we have to keep in mind that all of this is totally arbitrary and has no meaning at the protocol layer. Neither ordinals nor inscriptions require any change or make any difference to the Bitcoin protocol. Both systems are nothing more than a way of interpreting the on-chain data. With that explanation out of the way, let’s go into why I believe this is an attack, at multiple levels.
Attack of the Monkey JPEGs
What exactly is an attack? Attacks starts with a bug. Software always does exactly what it is programmed to do. Whenever software does something unexpected, we call that a bug. If you didn't expect an app to crash and it crashed, that's evidence of a bug. If the bug enables a third party to cause those unexpected consequences at will, that particular type of bug is called a vulnerability. Any time one actor purposely exploits such a vulnerability, that is an attack.
In the case of ordinals and inscriptions: if you didn't expect your Bitcoin node to start downloading and sharing monkey JPEGs, and it starts downloading and sharing monkey JPEGs, that's evidence of a bug in your Bitcoin node software. If the bug allows third parties to execute this bug on your node, then it is a vulnerability. And when someone exploits that vulnerability, they are attacking your node.
These are definitions, not ideological statements. It's certainly possible that some node operators did expect their nodes to download and share monkey JPEGs. Those users would not see this as an attack. But if you personally run a node, and you personally did not expect it, then it is an attack by definition. And if you don't think “monkey JPEGs” are a problem, replace that with something else. Perhaps illicit material that is morally abhorrent, illegal in your jurisdiction, or both. For many, or maybe most node operators, if your node unexpectedly starts downloading and sharing files like this—regardless of your personal red lines—you would not be wrong to consider that an attack, and the lines of code that enable it to be a bug in the software. There has been some confusion along the lines of “it’s within the consensus rules, so it’s OK”. That’s not how software works. All bugs, vulnerabilities, and attacks on all software occur within the programmed rules. It could not be otherwise, and Bitcoin is no different.
Inscriptions are an attack enabled by a software vulnerability in Bitcoin node software. Ordinals are a social engineering technique for propagating this attack and convincing other Bitcoin users to execute it. Ordinals are used to convince unsuspecting, non-technical people that particular satoshis can be distinguished by some unique property that makes them non-fungible. Therefore, by one line of fanciful thinking or another, inscriptions can add value on top of the value of a satoshi, since that satoshi is now unique. Although the developer behind ordinals and inscriptions seems to be honest in his opinion that his creation is good for Bitcoin, this is a very insidious attack due to how it preys on non-technical users by tricking them into believing something about Bitcoin that isn’t true, and then using that falsehood to trick them further into attacking the nodes with monkey JPEGs (or illicit materials, etc).
So just in case anyone reading this doesn’t get it yet, and was thinking that ordinals are neat and maybe you’d buy a Bitcoin NFT, here it is in plain language: there are no NFTs in Bitcoin. All satoshis are identical. You cannot “inscribe” or otherwise attach data to a satoshi, any more than you can hang a painting on a single atom of gold within a gold bar. Ordinals are, at best, a fun thought experiment, and at worst, a trick designed to attack you and the Bitcoin network.
It may be the case that an attack is relatively harmless, but I do not believe that is the case for ordinals and inscriptions. There are many problems that could result if this attack is allowed to continue. To name just a few:
premature growth of the block data,
premature increase of fees,
normalizing miner collusion,
deepening the associations between Bitcoin and shitcoin crypto scams in the popular consciousness (and normies getting rugged by buying fake NFTs, etc),
and legal questions around operating nodes that store and share illicit material.
Let’s go through these points.
Block Size Wars
I don’t want to rehash 2015-2017 again, but it seems a brief recap is in order since there is obviously a lot of confusion out there. SegWit changed the block size, not from 1 MB to 4 MB, but from 1 MB to a weight (not size) of 1 vMB. The v stands for virtual. Different portions of the transaction data count as a different number of virtual bytes. In particular: 1 byte of non-witness data weighs 1 vB, but 1 byte of witness data only weighs 0.25 vB. (If “witness” and “non-witness” are confusing, here’s an easy way to think about it: when you write a check, all of the information like amount, date, payer and payee, etc., is the “non-witness data”. When everything is correct, you attest to it, or “witness” it, by signing the check.)
The net effect is that SegWit blocks can be up to 4 MB while staying under the 1 vMB weight limit, depending on the split between non-witness and witness data in the transaction. I have seen a number of statements to the effect of “we should just expect blocks to be full”, but this is a misunderstanding of what it means to have a full block. A full block has 1 vMB of data, whether that is 1 actual MB or 4 actual MB. While there are still empty blocks on occasion, most blocks were already near the 1 vMB limit prior to the public launch of ordinals and inscriptions. Blocks were already full. With this attack, blocks are now not just full, they are also bigger. Under normal use, the ratio of non-witness to witness data in most transactions results in effective block sizes around or below 2 MB. That 2 MB of actual data usually works out to about 1 vMB of block weight. Since inscriptions fill the transaction with an unusually high ratio of witness to non-witness data, many more actual bytes of data can go into a transaction at the 0.25 vB weight. In the extreme case, a single transaction with a 3.99 MB witness would weigh in under the 1 vMB weight limit (3.99 × 0.25 < 1). That means we could jump from a 1.5-2 MB average block size up to an average between 3 and 4 MB. In other words, ordinals and inscriptions can quite possibly effect a doubling of the normal, expected block size. That is bad news for everyone.
Again, without going into the block size wars in detail, the small-blockers famously won that war by educating the public on the many problems with big blocks. It’s insufficient to simply ask people to prune witness data, as this is equivalent to asking them to not validate anything. Witness data is included in the hash of the block. If you don’t download the witness data, you can’t validate blocks. If you prune witness data, you can’t relay it to peers. If too many operators prune witness data, there may be availability problems that negatively impact decentralization. On the other hand, keeping the witness data bloats the block database so that it becomes increasingly difficult to sync a new node. The Bitcoin effective block size has already doubled from 1 MB to 2 MB. Syncing a new node already takes somewhere between 6 hours and a week, depending on various factors. If Bitcoin is meant to last for generations, we need to be thinking ahead on time scales of years and decades, not weeks and months. Maybe blocks would have reached 4 MB organically using taproot for new multi-party transaction schemes, but delaying any block size increases as long as possible would certainly be preferable. Ordinals and inscriptions have forced us to contend with 4 MB blocks going forward, starting right now, whether we are ready for it or not.
Higher Fees: Good or Bad?
The truth is more nuanced. Higher fees will eventually be good, as miners need increased income to compensate for the halvings. However, it is a problem that needs to be solved when it arises, and not before. At current prices, 625 Msats is sufficient to keep miners afloat. Depending on the price of BTC, electricity, mining equipment, and myriad other factors, I think it would be a safe bet to expect this to be true for at least the next epoch or two. Even if it’s not, the market will respond to this sort of need quickly, as soon as it arises. Miners need compensation, and right now they are getting it in the form of 625 million newly minted satoshis with every block. In the future, if miners are only getting 312.5 million or 156.25 million satoshis per block, and they can’t use those to recover the costs of the mining operation, then they will need to raise money some other way, probably by demanding higher fees. Of course, this works in the other direction as well: if low fees today bring more people into the network, more users means more transactions, and more transactions beyond a point will naturally cause fees to go up as people need to bid for block space.
The net result is that it makes no sense to artificially increase fees by attacking the network with monkey JPEG spam while claiming that higher fees today will help secure the network tomorrow. This is impossible and ridiculous. The problem of “fees being too low” is real, but it is a problem that will only occur in the future. You can’t solve a problem before it actually occurs. Artificially increasing fees today is not good for anyone, including miners, if they care about the long-term consequences on their own business.
Miners as Adversaries
So many people today look at miners as somehow beneficent actors. Satoshi understood this problem well. Bitcoin users must look at all miners (other than oneself, if one is a miner) as adversaries. Miners control what goes in the blocks, which gives them an extraordinarily large amount of power in what is otherwise a fully peer-to-peer network. Miners get newly minted satoshis and collect fees. Miner incentives are significantly different from users who simply want to stack sats or buy and sell with Bitcoin. One of the most potent tools in the Bitcoin node operator’s arsenal for combating an adversarial miner is filtering the mempool. Bitcoin Core nodes today filter lots of transactions out of the mempool by default. For example, transactions greater than 400 kB are dropped. Transactions that don’t pay a fee are dropped. Because nodes filter these transactions out, they have a very hard time making it to a miner. If a user wants to put a nonstandard transaction in a block, they need to go to a miner directly to make arrangements. This is difficult, time-consuming, and could be potentially ineffective or costly, etc. It would be much easier for malicious users who wanted to subvert mempool filters if they had an automated way to do so and jump straight to the top of a miner’s queue, bypassing the entire network.
It looks like ordinals and inscriptions are set to do just that. We have already seen a 3.9+ MB, 0-fee transaction. This means that the transaction was created and given directly to the miner, paid for separately (e.g. off-chain), bypassed all mempool filters on the entire network and jumped straight to the front of the line. How much it cost, we don’t know, but it will not be good for anyone if and when this type of process becomes automated and normalized. There has already been chatter about miners opening automated contact windows for making direct-to-miner transactions. This kind of thing would allow any user to make a 4 MB, 0-fee transaction and send it directly to a miner for inclusion in the next block. I don’t see any reason that people who care about the long-term health of Bitcoin should be happy with this type of development. Maybe I’m missing something, but I don’t think so.
The Latest Shitcoin: Bitcoin
Those of us who have put in the work understand the difference between Bitcoin and shitcoins. But for the vast majority of people, if it was already an uphill battle to educate them on the difference, bringing shitcoin capabilities (like NFTs and the inevitable associated pump-and-dumps) directly to Bitcoin will do nothing but reinforce misunderstandings. Bitcoin has a stellar reputation compared to all other cryptos (including Stellar, which is a shitcoin). If news cycles will now be taking the focus off of microgrid mining in Kenya to talk about the latest monkey JPEG pump-and-dump scam, there is nothing good in that for Bitcoin or those of us who want to see Bitcoin succeed.
Do Not Pass Go
Eventually, the monopoly money printer will look for any excuse they can to attack Bitcoin. If the blockchain is clogged with illicit images and other illegal materials, and the existence of these illegal materials is highly publicized, you can rest assured that they will eventually be leveraged as an attack on Bitcoin and Bitcoin node operators. Arguably, at least in countries like the US where intent carries important legal weight, node operators might win a court case if they had a fair trial. Keep in mind that you also need to download and run special software to even know what data has been inscripted or to be able to view it. But good luck if you think future legal battles against Bitcoin will be fair and square. Bitcoin is a threat to the State’s money monopoly, and they will not give up that monopoly without a fight, fair or otherwise. Bitcoiners should be ready to defend themselves, whether physically, in cyberspace, or from the law, and we will not be doing ourselves any favors if we allow the timechain to take on large amounts of illicit and illegal materials.
What Can We Do?
Unfortunately, at the protocol level, probably nothing. And I think in the end, the problem will likely take care of itself. Either fees will eventually go up and inscriptions will simply be priced out, or inscriptions will be a fad that blows over in a few months or a year (but not before a few rug pulls).
However, there are some things I think we can do now to help speed things along:
Expose ordinals and inscriptions for the fraud that they are. There are no NFTs in Bitcoin. You cannot inscribe an NFT on a satoshi, and you cannot buy an NFT-inscribed satoshi. Anyone who buys 1 satoshi for any more than 1 satoshi is a sucker and will get rugged. Don’t be a sucker. Don’t buy any “special sats”, whether they are supposedly a “rare ordinal”, a unique “inscription”, or for any other reason. A satoshi is a satoshi is a satoshi.
Make inscriptions users feel bad. When you go to a national park and see an incredible 500-year old tree, what would you do if you saw someone take out a knife to start carving their name in it? Hopefully, if you had any sense, you’d tell them to cut it out and stop being a jackass, and that we should preserve this tree for future generations. Tell inscriptions users that they are ruining the timechain for their own children, and help explain to them why what they are doing is wrong.
If you are a node operator, run a mempool filter patch. Because inscriptions all use the same format of a
FALSE OP_IFstatement, and because the code in this statement can not possibly be executed, it is perfectly safe to drop such transactions as spam. If enough people run the filter, we will not need a similar patch to land in Bitcoin Core (and that is unlikely to happen, anyway). In the best case scenario, if enough people ran this patch and significantly reduced or stopped the spread of inscriptions, we would demonstrate once again that it is indeed the individual node operators, not the miners or anyone else, that control the Bitcoin network.If you are a miner and you mine with a pool, keep tabs on whether or not your mining pool is offering special contact windows for nonstandard transactions or transactions containing inscriptions. If they are, switch pools immediately. Even if your mining pool operators are bad actors, you do not have to be. As an independent miner you always have the option to switch to a pool that is working for Bitcoin, rather than against it.
And if nothing works, we may just have to sit back and watch the timechain fill up with spam until people lose interest or get priced out. If so, then so be it. Hopefully, at least, future generations will look back and get a kick out of what early Bitcoiners were doing way back in the roaring ‘20s, even if they can’t understand why we would waste precious block space with pictures of rocks and dickbutts. And if I’m honest, quite a few of the meme inscriptions got a good laugh from me, so even though it’s a pretty nasty attack on Bitcoin—credit where credit is due—at least our adversaries have a good sense of humor.
This is a very well written article. I was sitting in the camp of "let it be" and "who are we to decide what is good and bad for bitcoin?". Your framing of the concept of software, bug, vulnerability, and attack was a lightbulb for me. I like and agree with this, but still caution against my own hubris of pretending to know what can be, should be, or will be "best" for this transformational protocol. I don't like inscriptions. They definitely felt like an attack, but after reflection on the matter I do not believe this attack materially impacts the direction or magnitude of the state's end game with Bitcoin. If anything it might accelerate certain aspects...but what will come will come with or without inscriptions.