CVE-2025-66559
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-08

Assigner: GitHub, Inc.

Description
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66559
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
taikoxyz taiko 2.3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Taiko Alethia version 2.3.1 and earlier, specifically in the TaikoInbox._verifyBatches function. The function prematurely advances the local transition ID (tid) to a transition matching the current blockHash before confirming if the batch is actually verified. If the verification loop breaks early (due to cooldown or invalid transition), the function still updates the last verified batch's pointer to this newer tid, which may belong to the next batch or be zeroed. This causes corruption of the verified chain pointer, potentially leading to inconsistencies in the blockchain state.

Impact Analysis

This vulnerability can corrupt the verified chain pointer in the Taiko Alethia rollup, causing the last verified batch to point to an incorrect or invalid transition index. This can lead to inconsistencies in the blockchain's state verification, potentially undermining trust in the rollup's data integrity and causing operational issues for users relying on accurate state transitions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66559. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart