Description

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.

INFO

Published Date :

2025-12-04T22:23:55.608Z

Last Modified :

2025-12-05T17:29:01.887Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66559 vulnerability.

Vendors Products
Taiko
  • Taiko-mono
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66559.

URL Resource
https://github.com/taikoxyz/taiko-mono/commit/379f5cb4ffe9e1945563ab2c7740bc9f4ea004d8 cve-icon cve-icon
https://github.com/taikoxyz/taiko-mono/security/advisories/GHSA-5mxh-r33p-6h5x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability