CVE-2025-66559— Taiko Alethia 输入验证错误漏洞

Taiko Alethia Pacaya inbox verification pointer corruption

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.

N/A

对数组索引的验证不恰当

Taiko Alethia 输入验证错误漏洞

Taiko Alethia是Taiko Labs开源的一个用于实现Taiko Layer 2网络的基于以太坊的ZK-EVM Rollup协议的软件集合。 Taiko Alethia 2.3.1及之前版本存在输入验证错误漏洞，该漏洞源于TaikoInbox._verifyBatches函数在未确认批次验证状态时提前更新tid值，可能导致已验证链指针损坏。

N/A

N/A