CVE-2025-66559
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| taikoxyz | taiko | 2.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Taiko Alethia version 2.3.1 and earlier, specifically in the TaikoInbox._verifyBatches function. The function prematurely advances the local transition ID (tid) to a transition matching the current blockHash before confirming if the batch is actually verified. If the verification loop breaks early (due to cooldown or invalid transition), the function still updates the last verified batch's pointer to this newer tid, which may belong to the next batch or be zeroed. This causes corruption of the verified chain pointer, potentially leading to inconsistencies in the blockchain state.
How can this vulnerability impact me? :
This vulnerability can corrupt the verified chain pointer in the Taiko Alethia rollup, causing the last verified batch to point to an incorrect or invalid transition index. This can lead to inconsistencies in the blockchain's state verification, potentially undermining trust in the rollup's data integrity and causing operational issues for users relying on accurate state transitions.