Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Taiko Alethia Pacaya inbox verification pointer corruption
Vulnerability Description
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
CVSS Information
N/A
Vulnerability Type
对数组索引的验证不恰当
Vulnerability Title
Taiko Alethia 输入验证错误漏洞
Vulnerability Description
Taiko Alethia是Taiko Labs开源的一个用于实现Taiko Layer 2网络的基于以太坊的ZK-EVM Rollup协议的软件集合。 Taiko Alethia 2.3.1及之前版本存在输入验证错误漏洞,该漏洞源于TaikoInbox._verifyBatches函数在未确认批次验证状态时提前更新tid值,可能导致已验证链指针损坏。
CVSS Information
N/A
Vulnerability Type
N/A