History of OP RETURN

The OP_RETURN opcode has a controversial history that has culminated to it being used as the primary mechanism to store arbitrary data on-chain. The original functionality was intended to behave as a return operation that ends execution of the script. The original implementation of the opcode had a critical bug and was quickly patched by Satoshi Nakamoto.

1 RETURN Bug

OP_RETURN was originally intended to return the top value on the stack.

Given the script:

OP_TRUE OP_RETURN

True would be returned from the script and the script would terminate, ignoring any opcodes that came afterwards; because of this, this example script could prepend any unlocking script, granting the ability for one to steal anyone's Bitcoin.

The functionality of the opcode was changed to always return false instead of returning the value on top of the stack.

Storing data on-chain

The modification to OP_RETURN to always return false had interesting implications. Any opcodes or data are not evaluated after the OP_RETURN thus users of the network began using this opcode to store arbitrary data. This opcode was used instead of the OP_PUSHDATA opcodes since the max script size was limited to 520 bytes. These two fundamental changes to Bitcoin resulted in the opcode being used in an unforeseen and interesting way, outside of its original intent.

In January 2019, it was discovered that because the OP_RETURN opcode terminated the script such that nodes did not validate anything after it, this also meant that nodes did not check that the script did not exceed the max script size limit of 520 bytes. Communication of this went out to the miners on the network who then raised their maximum transaction size to 100KB. This resulted in the users putting various data on the blockchain, for example entire websites.