Taiko Alethia Pacaya inbox verification pointer corruption
CVE-2025-66559

8HIGH

Key Information:

Vendor: Taikoxyz
Status: Taiko-mono
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-66559?

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.

Affected Version(s)

taiko-mono <= 2.3.1

References

https://github.com/taikoxyz/taiko-mono/security/advisorie...

x_refsource_CONFIRM

https://github.com/taikoxyz/taiko-mono/commit/379f5cb4ffe...

x_refsource_MISC

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Dec 4, 2025

JSON

Taikoxyz

What is CVE-2025-66559?

Affected Version(s)

References

CVSS V4

Timeline