Difference between revisions of "History of OP RETURN"

Line 8: Line 8:
 
OP_TRUE OP_RETURN
 
OP_TRUE OP_RETURN
  
True would be returned from the script and the script would terminate, ignoring any opcodes that came afterwards; because of this, this example script could prepend any unlocking script, granting the ability for one to steal anyone's Bitcoin.  
+
True would be returned from the script and the script would terminate, ignoring any opcodes that came afterwards; because of this, this example script could prepend any unlocking script, granting the ability for one to steal anyone's bitcoin.  
  
 
The functionality of the opcode was changed to always return false instead of returning the value on top of the stack.
 
The functionality of the opcode was changed to always return false instead of returning the value on top of the stack.

Revision as of 12:02, 17 February 2020

The OP_RETURN opcode has a controversial history that has resulted in it being used as the primary mechanism to store arbitrary data on-chain. The original functionality was intended to behave as a return operation that ends execution of the script. The original implementation of the opcode had a critical bug and was quickly patched by Satoshi Nakamoto.

1 RETURN Bug

OP_RETURN was originally intended to return the top value on the stack.

Given the script:

OP_TRUE OP_RETURN

True would be returned from the script and the script would terminate, ignoring any opcodes that came afterwards; because of this, this example script could prepend any unlocking script, granting the ability for one to steal anyone's bitcoin.

The functionality of the opcode was changed to always return false instead of returning the value on top of the stack.

Bitcoin Core Rhetoric

In Bitcoin Core's v0.9.0 update, OP_RETURN output was made standard but was only relayed with a 40 byte limit, which was then later increased to an 80 byte limit. Bitcoin Core made this change advising the users of the network that in their opinion, arbitrary data should not be stored in the blockchain.

Storing data on-chain

The modification to OP_RETURN to always return false had interesting implications. Any opcodes or data are not evaluated after the OP_RETURN so users of the network began using this opcode to store arbitrary data.

This opcode was used instead of the OP_PUSHDATA opcodes since the max script size was limited to 520 bytes. These two fundamental changes to Bitcoin resulted in the opcode being used in an unforeseen and interesting way, outside of its original intent.

In January 2019, a discovery was made that because the OP_RETURN opcode terminated the script such that nodes did not validate anything after it occurred, this also meant that nodes did not check that the script did not exceed the max script size limit of 520 bytes. Communication of this went out to the miners on the network who then raised their maximum transaction size to 100KB. This resulted in the users putting various data on the blockchain, for example, an entire website.

Return to original functionality

The Genesis upgrade in February 2020 restored the original functionality of the opcode. This did not impact the ability to store arbitrary data on-chain, however the best practice has been amended to advise the use of False Return scripts for applications that still seek to do so.