Search for projects by name or address
Taiko Alethia is an Ethereum-equivalent rollup on the Ethereum network. Taiko aims at combining based sequencing and a multi-proof system through SP1, RISC0 and TEEs.
Taiko Alethia is an Ethereum-equivalent rollup on the Ethereum network. Taiko aims at combining based sequencing and a multi-proof system through SP1, RISC0 and TEEs.
Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.
Learn more about the recategorisation here.
2025 Jul 10 — 2026 Jul 10
The section shows the operating costs that L2s pay to Ethereum.
2025 Jul 10 — 2026 Jul 10
This section shows how much data the project publishes to its data-availability (DA) layer over time. The project currently posts data to
Ethereum.
2026 Apr 02 — Jul 10
This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.
2026 Jun 10 — Jul 10
All liveness anomalies detected for this project in the last 30 days, helping you review recent downtime and availability issues.
No Tx data submissions were performed for 7d 23h 7m (from 2026 Jun 22, 02:10 UTC until 2026 Jun 30, 01:17 UTC). These typically occur every 8min 43s on average.
No State updates were performed for 7d 12h 39m (from 2026 Jun 22, 02:10 UTC until 2026 Jun 29, 14:49 UTC). These typically occur every 41min 43s on average.
Proof system exploit
2026 Jun 22nd
An attacker exploits a vulnerability in the SGX proof system and steals USD ~1.7M.
Preconfs introduction
2025 Aug 11th
Taiko implements preconfs - whitelisted actors provide fast soft confirmations for L2 txs.
There is no mechanism to have transactions be included if the sequencer is down or censoring. Although the functionality exists in the code, it is currently disabled. Forced inclusions are disabled in the current MainnetInbox implementation, so sequencer failure or censorship leads to non-inclusion.
A multi-proof system is used. There are four verifiers available: SGX (Geth), SGX (Reth), SP1 and RISC0. Two of them must be used to prove a proposal range, and SGX (Geth) is mandatory. The end state root is supplied during the prove call and is checked against the accompanying SGX/zkVM proof. Proving is currently gated by ProverWhitelist, which has 2 whitelisted provers in discovery. While the whitelist is non-empty, non-whitelisted actors cannot submit proofs.
All of the data needed for proof construction is published on Ethereum L1.
There is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable.
Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen. Proposing is gated by PreconfWhitelist, which selects a single active operator for the current epoch and has no fallback proposer path.
All the data that is used to construct the system state is published on chain in the form of blobs. This ensures that it will be available for enough time.
Taiko uses a multi-proof system to validate state transitions. The system requires two proofs among four available verifiers: SGX (Geth), SGX (Reth), SP1, and RISC0. This means that a proposal range can be proven without providing a ZK proof if SGX (Geth) and SGX (Reth) are used together. New proposals target a proof submission cadence of 4h. Proving is currently centralized behind ProverWhitelist with 2 whitelisted provers. While the whitelist is non-empty, non-whitelisted actors cannot submit proofs, and the configured permissionless proving delay is not used to open proving. MainnetInbox currently sets minBond=0 and livenessBond=0. The multi-proof system allows detecting bugs in the verifiers if they produce different results for the same proposal range. If such a bug is detected, the system gets automatically paused.
Funds can be stolen if a malicious block is proven by compromised SGX instances.

Taiko Alethia has a governance structure relying primarily on a 7/9 Security Council, checked by a token DAO that is limited to veto permissions. The closed operator whitelists are managed by the 4/6 Taiko Multisig and related EOAs. Governance proposals (both paths) hold all important upgrade and config permissions in the system.
A threshold of 5 approving Security Council members is required to create a Standard proposal. It is delayed while being publicly auditable by 7d in the OptimisticTokenVotingPlugin contract and can be vetoed by 10% of votable TAIKO tokens during that time. If not vetoed, the standard proposal passes and can be executed.
Emergency proposals are encrypted at proposal time and can only be read by Security Council members. If approved by 7 Security Council members, they can be immediately decrypted and executed.
The proof system currently does not require zk proofs to validate state transitions and state can be finalized with SGX proofs only. The optional zk verifier contracts can be upgraded by Multisigs. Operator roles (sequencer, proposer) are closed and the whitelist is managed by the Taiko Multisig and related EOAs.
The metrics include upgrades on the currently used proxy contracts. Historical proxy contracts and changes of such are not included.
Quota changes 150K - 250K per day for stables (USDT and USDC).
Quota changes 150K -> 250K per day for stables (USDT and USDC).
| contract QuotaManager (eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC) [taiko/QuotaManager] { | |
| +++ description: Defines withdrawal quotas for ETH and ERC20 releases from the shared bridge. A token quota of zero means unlimited withdrawals for that token. | |
| values.tokenQuotas.3.quota: | |
| - | "150,000" |
| + | "250,000" |
| values.tokenQuotas.4.quota: | |
| - | "150,000" |
| + | "250,000" |
| } |
| contract PreconfWhitelist (eth:0xFD019460881e6EeC632258222393d5821029b2ac) [taiko/PreconfWhitelist] { | |
| +++ description: Contains the whitelist of addresses eligible to propose batches on L1 and issue preconfirmations. It dynamically selects a single active operator for each epoch using a delayed Ethereum beacon block root as randomness. There is no fallback proposer path in this contract: non-selected operators cannot propose for the current epoch. | |
| values.operatorMapping.2: | |
| + | "eth:0xCbeB5d484b54498d3893A0c3Eb790331962e9e9d" |
| } |
Bridges unpaused. Taiko is live again, without forced transactions or proposer fallback.
Bridges unpaused. Taiko is live again, without forced transactions or proposer fallback.
| contract SignerList (Security Council) (eth:0x0F95E6968EC1B28c794CF1aD99609431de5179c2) [taiko/SignerList] { | |
| +++ description: A signer list for storing multisig members and their agents, stores the addresses of the Multisigs that use this signer list. Each signer delegates their permissions to their agent address that they can configure here. | |
| values.$members.4: | |
| - | "eth:0x4236f57E9dBc238878EFac4AeF0A16D4dD06DC1A" |
| + | "eth:0xbC40317A69CB1D1aF2CBcfE32C8B7a6840Dc287a" |
| } |
| contract EmergencyMultisig (eth:0x2AffADEb2ef5e1F2a7F58964ee191F1e88317ECd) [taiko/EmergencyMultisig] { | |
| +++ description: Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals). | |
| +++ description: total count of encrypted emergency proposals created. | |
| +++ severity: HIGH | |
| values.proposalCount: | |
| - | 34 |
| + | 35 |
| } |
| contract OptimisticTokenVotingPlugin (eth:0x989E348275b659d36f8751ea1c10D146211650BE) [taiko/OptimisticTokenVotingPlugin] { | |
| +++ description: An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay. | |
| values.proposalCount: | |
| - | 35 |
| + | 36 |
| values.proposalIds.35: | |
| + | "606707631305171219093581685850458871248271179811" |
| } |
| contract MainnetERC20Vault (eth:0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab) [taiko/SharedERC20Vault] { | |
| +++ description: Shared vault for Taiko chains for bridged ERC20 tokens. Pausing stops token sends, message-triggered releases, and recalls. Released or minted tokens are subject to the configured quota manager. | |
| +++ severity: HIGH | |
| values.paused: | |
| - | true |
| + | false |
| } |
| contract MainnetBridge (eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) [taiko/TaikoBridge] { | |
| +++ description: Shared bridge escrow for Taiko chains for bridged ETH and arbitrary bridge messages. Pausing stops sending, processing, recalling, retrying, and failing messages. ETH released from the bridge is subject to the configured quota manager. | |
| +++ severity: HIGH | |
| values.paused: | |
| - | true |
| + | false |
| } |
MainnetInbox is upgraded to the restricted implementation with forced inclusions disabled; proposals are gated by PreconfWhitelist with no fallback proposer path, proving routes through MainnetVerifier, and bridge/vault releases are governed by QuotaManager. diffs: - over all contracts: unrelated formatting changes and hardcoding of addresses instead of using the resolver - signalService: https://disco.l2beat.com/diff/eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752/eth:0x1A06832992785766a105838C95c1E13a0045AC85 adds immutable pauser/unpause and VERSION invalidates all old cache + checkpoints - MainnetBridge: https://disco.l2beat.com/diff/eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F/eth:0x1c94D798CFA08F396E5BA9F81697289c53273381 quota changes and init3 sets three message hashes (0x9972, 0xf299, 0xea26) to DONE (currently RETRYABLE) - MainnetERC20Vault: https://disco.l2beat.com/diff/eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63/eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c quota changes - MainnetInbox: https://disco.l2beat.com/diff/eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098/eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01 (init2/rollback to lastFinalizedProposalId = 18051 , lastFinalizedBlockHash = 0x64c2ada556b6862d2c8796e0f709c454fede9d03908711a9f04d9f9f9dcce470 , disable forced inclusion) - MainnetVerifier: https://disco.l2beat.com/diff/eth:0x9cAa4948381590900FCdd8a4F06EB24138eD665d/eth:0x71808449A6217898d602c1a392D95b931Ac5d878 pointers changes only - sgxgeth: https://disco.l2beat.com/diff/eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1/eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee add registrar 0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F (whitelisted registerInstance caller), add SGX FORBIDDEN ATTRIBUTE MASK to blacklist debug mode - sgxreth: https://disco.l2beat.com/diff/eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1/eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee same as above - sp1RethVerifier: https://disco.l2beat.com/diff/eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6/eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F no source diff, but removes all trusted vkeys and adds four new ones - risc0RethVerifier: all image ids removed, added two new ones ( 0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b , 0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef ) - dcap 0x0ffa4A625ED9DB32B70F99180FD00759fc3e9261(geth): mrSigners = ['0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013'] , mrEnclaves = ['0xbefb2c7ec44cefe57f4ff0ca815a8b8f15e05631bf3abe36cbc12d28f778fa36'] - dcap 0x8d7C954960a36a7596d7eA4945dDf891967ca8A3(reth): mrSigners = ['0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013'] , mrEnclaves = ['0xdccd8f30ea4a137ddfa63d743e3aa7c7a8e80585912d19c4b66f7d8d6098bec4', '0x92dd96a170d1ffb998afa210b3ef8af8c408ab76c4717e0eb8076d4a5da4e740'] - all other enclaves and the old signer are removed Program hashes source used: taikoxyz/raiko2 v0.5.1, commit b08f4c57cd69a0f8dc1316a21f4ce4b08eddbebe. Regenerated values match exactly: risc0 aggregation image id 0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef risc0 proposal image id 0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b sp1 aggregation vk bn254 0x00e91cb391c22d6fd015e4c6041dbbe6efb2d8be6d4046eec28f12acba5a17bc sp1 aggregation vk hash bytes 0x748e59c8708b5bf402bc98c041dbbe6e7d96c5f335011bbb051e25593a5a17bc sp1 proposal vk bn254 0x007594632ec31fae9d44799b97316fcbcaa3ff6b5db268c7a5d8025b3bbb487e sp1 proposal vk hash bytes 0x3aca319730c7eba7288f33727316fcbc551ffb5a76c9a31e4bb004b63bbb487e
MainnetInbox is upgraded to the restricted implementation with forced inclusions disabled; proposals are gated by PreconfWhitelist with no fallback proposer path, proving routes through MainnetVerifier, and bridge/vault releases are governed by QuotaManager.
diffs:
VERSION invalidates all old cache + checkpoints_lastFinalizedProposalId = 18051, lastFinalizedBlockHash = 0x64c2ada556b6862d2c8796e0f709c454fede9d03908711a9f04d9f9f9dcce470, disable forced inclusion)0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F (whitelisted registerInstance caller), add SGX_FORBIDDEN_ATTRIBUTE_MASK to blacklist debug mode0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b,0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef)mrSigners = , `mrEnclaves = [‘0xbefb2c7ec44cefe57f4ff0ca815a8b8f15e05631bf3abe36cbc12d28f778fa36’]mrSigners = ['0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013', `mrEnclaves = [‘0xdccd8f30ea4a137ddfa63d743e3aa7c7a8e80585912d19c4b66f7d8d6098bec4’, ‘0x92dd96a170d1ffb998afa210b3ef8af8c408ab76c4717e0eb8076d4a5da4e740’]Program hashes source used: taikoxyz/raiko2 v0.5.1, commit b08f4c57cd69a0f8dc1316a21f4ce4b08eddbebe. Regenerated values match exactly:
risc0 aggregation image_id 0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef
risc0 proposal image_id 0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b
sp1 aggregation vk_bn254 0x00e91cb391c22d6fd015e4c6041dbbe6efb2d8be6d4046eec28f12acba5a17bc
sp1 aggregation vk_hash_bytes 0x748e59c8708b5bf402bc98c041dbbe6e7d96c5f335011bbb051e25593a5a17bc
sp1 proposal vk_bn254 0x007594632ec31fae9d44799b97316fcbcaa3ff6b5db268c7a5d8025b3bbb487e
sp1 proposal vk_hash_bytes 0x3aca319730c7eba7288f33727316fcbc551ffb5a76c9a31e4bb004b63bbb487e
| contract TaikoRisc0Verifier (eth:0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b) [taiko/Risc0Verifier] { | |
| +++ description: Gating router contract to verify batches using RISC Zero. | |
| +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them. | |
| +++ severity: HIGH | |
| values.trustedImages.0: | |
| - | "0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544" |
| +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them. | |
| +++ severity: HIGH | |
| values.trustedImages.1: | |
| - | "0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7" |
| +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them. | |
| +++ severity: HIGH | |
| values.trustedImages.2: | |
| - | "0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b" |
| +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them. | |
| +++ severity: HIGH | |
| values.trustedImages.3: | |
| - | "0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e" |
| +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them. | |
| +++ severity: HIGH | |
| values.trustedImages.4: | |
| - | "0xbee1be4cbe2bdf9b0034a1ab6572061a76019e73189ff96322e58ab229b75f92" |
| + | "0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b" |
| +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them. | |
| +++ severity: HIGH | |
| values.trustedImages.5: | |
| - | "0xcecc85819e15d173c2991577727525b136e820728f7aaaede612f1281cac2249" |
| + | "0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef" |
| } |
| - | Status: DELETED |
| contract SgxVerifier (eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1) [taiko/SgxVerifier] | |
| +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry. |
| contract SignerList (Security Council) (eth:0x0F95E6968EC1B28c794CF1aD99609431de5179c2) [taiko/SignerList] { | |
| +++ description: A signer list for storing multisig members and their agents, stores the addresses of the Multisigs that use this signer list. Each signer delegates their permissions to their agent address that they can configure here. | |
| receivedPermissions.1: | |
| - | {"permission":"interact","from":"eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| receivedPermissions.4: | |
| + | {"permission":"interact","from":"eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| receivedPermissions.6: | |
| + | {"permission":"interact","from":"eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F","description":"manage trusted SP1 program verification keys.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| receivedPermissions.7: | |
| - | {"permission":"interact","from":"eth:0x91f67118DD47d502B1f0C354D0611997B022f29E","description":"update token withdrawal quotas and the quota refill period.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| receivedPermissions.8.description: | |
| - | "manage trusted SP1 program verification keys." |
| + | "update the contract address registered for any chainId-name pair." |
| receivedPermissions.8.from: | |
| - | "eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6" |
| + | "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e" |
| receivedPermissions.12: | |
| + | {"permission":"interact","from":"eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| receivedPermissions.13: | |
| - | {"permission":"interact","from":"eth:0xa1018Ba2e22139076f91dA2A856B2CAB22d968F6","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| receivedPermissions.17: | |
| - | {"permission":"interact","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","description":"can update the contract address for a given name","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| receivedPermissions.24.from: | |
| - | "eth:0x91f67118DD47d502B1f0C354D0611997B022f29E" |
| + | "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e" |
| receivedPermissions.30: | |
| - | {"permission":"upgrade","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","role":"admin","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]} |
| } |
| contract AutomataDcapV3Attestation (eth:0x0ffa4A625ED9DB32B70F99180FD00759fc3e9261) [taiko/AutomataDcapV3Attestation] { | |
| +++ description: Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data. | |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.0: | |
| - | "0xfda8bb1fc9938700c25353c0a5fabc96a238e69ce8e35f08e558831a20db33a6" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.1: | |
| - | "0x692c8624d30a327340b0dfbb67203e941175ac700d1a058c717e5269103d37e6" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.2: | |
| - | "0x3e6113a23bbdf9231520153253047d02db8f1dd38a9b52914ab7943278f52db0" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.3: | |
| - | "0xd1f43acede51c4eb2f66b86cce52682edad80b810b9d87fba3a9b67254c91b77" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.4: | |
| - | "0x398be8424f27802b38e6e8d3413bf6a0b187349e68522a218f5bfc00279006ac" |
| + | "0xbefb2c7ec44cefe57f4ff0ca815a8b8f15e05631bf3abe36cbc12d28f778fa36" |
| +++ description: Trusted SGX signer measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrSigners.0: | |
| - | "0xca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5" |
| + | "0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013" |
| } |
| contract EmergencyMultisig (eth:0x2AffADEb2ef5e1F2a7F58964ee191F1e88317ECd) [taiko/EmergencyMultisig] { | |
| +++ description: Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals). | |
| +++ description: total count of encrypted emergency proposals created. | |
| +++ severity: HIGH | |
| values.proposalCount: | |
| - | 33 |
| + | 34 |
| } |
| contract MainnetInbox (eth:0x6f21C543a4aF5189eBdb0723827577e1EF57ef1f) [taiko/MainnetInboxRestricted] { | |
| +++ description: The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. Forced inclusion submission and processing are disabled in this implementation. Proposals must come from the configured proposer checker, and if the configured prover whitelist is non-empty, proofs from non-whitelisted provers revert; the configured permissionless proving delay is not used to open proving. | |
| sourceHashes.1: | |
| - | "0xc8fb004590f1c60e5c9735be36da74676fdc93286aa44749d3156ad33bc416e7" |
| + | "0xd6d3af78f692a4c928f8e1b046eca6884ed0d15d120df586c3509c802795d433" |
| values.$implementation: | |
| - | "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098" |
| + | "eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01" |
| values.$pastUpgrades.2: | |
| + | ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01"]] |
| values.$upgradeCount: | |
| - | 2 |
| + | 3 |
| values.getConfig.proofVerifier: | |
| - | "eth:0x9cAa4948381590900FCdd8a4F06EB24138eD665d" |
| + | "eth:0x71808449A6217898d602c1a392D95b931Ac5d878" |
| values.impl: | |
| - | "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098" |
| + | "eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01" |
| implementationNames.eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098: | |
| - | "MainnetInbox" |
| implementationNames.eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01: | |
| + | "MainnetInbox" |
| } |
| contract TaikoDAOController (eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a) [taiko/TaikoDAOController] { | |
| +++ description: Middleware contract that maintains ownership of DAO-controlled assets and contracts. Its token weight does not count towards the DAO quorum. | |
| directlyReceivedPermissions.1: | |
| - | {"permission":"interact","from":"eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"} |
| directlyReceivedPermissions.2: | |
| + | {"permission":"interact","from":"eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"} |
| directlyReceivedPermissions.4: | |
| + | {"permission":"interact","from":"eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F","description":"manage trusted SP1 program verification keys.","role":".owner"} |
| directlyReceivedPermissions.5: | |
| - | {"permission":"interact","from":"eth:0x91f67118DD47d502B1f0C354D0611997B022f29E","description":"update token withdrawal quotas and the quota refill period.","role":".owner"} |
| directlyReceivedPermissions.6.description: | |
| - | "manage trusted SP1 program verification keys." |
| + | "update the contract address registered for any chainId-name pair." |
| directlyReceivedPermissions.6.from: | |
| - | "eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6" |
| + | "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e" |
| directlyReceivedPermissions.8: | |
| + | {"permission":"interact","from":"eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"} |
| directlyReceivedPermissions.9: | |
| - | {"permission":"interact","from":"eth:0xa1018Ba2e22139076f91dA2A856B2CAB22d968F6","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"} |
| directlyReceivedPermissions.12: | |
| - | {"permission":"interact","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","description":"can update the contract address for a given name","role":".owner"} |
| directlyReceivedPermissions.18.from: | |
| - | "eth:0x91f67118DD47d502B1f0C354D0611997B022f29E" |
| + | "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e" |
| directlyReceivedPermissions.23: | |
| - | {"permission":"upgrade","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","role":"admin"} |
| } |
| contract AutomataDcapV3Attestation (eth:0x8d7C954960a36a7596d7eA4945dDf891967ca8A3) [taiko/AutomataDcapV3Attestation] { | |
| +++ description: Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data. | |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.0: | |
| - | "0xdfcb4fca3073e3f3a90b05d328688c32619d56f26789c0a9797aa10e765a7807" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.1: | |
| - | "0xbdec26abd36fde2cfbb8db7a0793a9346b11bd558b39890407d458500711c88c" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.2: | |
| - | "0xa5f741bfed254a1e21738d429e7bd074e25918af7f71fbe1e0135c3974b06e00" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.3: | |
| - | "0x3551faac39edee5abfaa19ab065c217db1485aebae255a9edddf6dfff6b29b52" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.4: | |
| - | "0x13ea9869632ac20b176ae0fdc39998b2a644a695db024ef7fe0e4b3c59084160" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.5: | |
| - | "0xa096348d480eb0474f5eab182671933c029545521960d87d4e49283005809be9" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.6: | |
| - | "0xa4eedfc6484494d4c08bfb9b9dd887c6e0540ba9d8ee207fe0e16814852e3356" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.7: | |
| - | "0xc90e5d2e39d1d3f8397a6048c32ba50139d1577c28985e1f7638785935f41734" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.8: | |
| - | "0x9546301721e2ea111ab0f79b6e529d6bb6c486ac98bcf7739429ad06c09db63d" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.9: | |
| - | "0x3f71cf178a032816c2731a43aef746c464a5326e891dc881773ec2b599b2cf0a" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.10: | |
| - | "0xdcd483d3406d9b1871bb92420f5a080c4372e0d6b8522a4a2cb91a0f736669c6" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.11: | |
| - | "0x3b589538b775ddbfc5fb028167ff846116159e6687aef9f849ca5a70a7871ea5" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.12: | |
| - | "0xb09f9005e4612526e378466b5c16ab6028478e81c085812d6ed37166c4cda10e" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.13: | |
| - | "0x6e43c1d575b5b785d0f6259dfac44998c6f0c164864f9f98270fb740c14eb943" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.14: | |
| - | "0x631778b0d420d2d0bba4c730b0fd74857afeefb3429371ae97ab450e40ca127e" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.15: | |
| - | "0x482b06132c4306ea55bc34ff90d46532ff4151f473dbfe4d2cb2442af2ff288b" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.16: | |
| - | "0xca349ba0dfeced0bd837a56c97417c11e51d490eec4ff08321dd130776a413bd" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.17: | |
| - | "0xe2375b778ee5700a73c7fcf449abb4a62e00127d324b6694898073ba5aff4f5c" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.18: | |
| - | "0x67742ab222790e20ba3656b3b294645a3384a5df5a770b86f8c06529523d990e" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.19: | |
| - | "0xddda8ba9c9153e3d2f680f2f53adbc774a9753cc55d40dde4cb02aef38c42109" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.20: | |
| - | "0xe5774b71990b0d5f3eca8d4d22546764dd9549c743a1a6d4d4863d97f6b8c67a" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.21: | |
| - | "0x605ad10c1a56ed7289f198d64a39a952cd3b8a0bed3fcb19c8301c1847dc3a2f" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.22: | |
| - | "0x59bf7d48610cc8a56ba8a390b68c31a1443297869b174aeacac67dc152820f0e" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.23: | |
| - | "0xf285b7cbd78d2b96cdc54cfea3e47d8f510a4b4f91b719c97f8bbb90974f805b" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.24: | |
| - | "0x8f73135b83a84126c7fff37ea02f9363e134aea0f6446b13e198b20d94e75099" |
| + | "0xdccd8f30ea4a137ddfa63d743e3aa7c7a8e80585912d19c4b66f7d8d6098bec4" |
| +++ description: Trusted SGX enclave measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrEnclaves.25: | |
| - | "0x72258d3cae0e9901d0efc1f630064f1c44f11950bd25fee0b62ec8df84532da2" |
| + | "0x92dd96a170d1ffb998afa210b3ef8af8c408ab76c4717e0eb8076d4a5da4e740" |
| +++ description: Trusted SGX signer measurements accepted by attestation verification. | |
| +++ severity: HIGH | |
| values.mrSigners.0: | |
| - | "0xca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5" |
| + | "0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013" |
| } |
| - | Status: DELETED |
| contract QuotaManager (eth:0x91f67118DD47d502B1f0C354D0611997B022f29E) [taiko/QuotaManager] | |
| +++ description: Defines withdrawal quotas for ETH and ERC20 releases from the shared bridge. A token quota of zero means unlimited withdrawals for that token. |
| - | Status: DELETED |
| contract TaikoSP1Verifier (eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6) [taiko/SP1Verifier] | |
| +++ description: Gating router contract to verify batches using SP1. |
| contract OptimisticTokenVotingPlugin (eth:0x989E348275b659d36f8751ea1c10D146211650BE) [taiko/OptimisticTokenVotingPlugin] { | |
| +++ description: An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay. | |
| values.proposalCount: | |
| - | 34 |
| + | 35 |
| values.proposalIds.34: | |
| + | "606634685654739111357042014770979344991156961314" |
| } |
| contract MainnetERC20Vault (eth:0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab) [taiko/SharedERC20Vault] { | |
| +++ description: Shared vault for Taiko chains for bridged ERC20 tokens. Pausing stops token sends, message-triggered releases, and recalls. Released or minted tokens are subject to the configured quota manager. | |
| sourceHashes.1: | |
| - | "0x4e0dd5fa918b3b1229feb85baaac3bf6d7fffd21febcdeb7a4f3bf62e22c9031" |
| + | "0x9b624be34d3f91047fd5ee6a056fd5d81ed43c3ba757e53661aeb4e4dabfe4aa" |
| values.$implementation: | |
| - | "eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63" |
| + | "eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c" |
| values.$pastUpgrades.8: | |
| + | ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c"]] |
| values.$upgradeCount: | |
| - | 8 |
| + | 9 |
| values.addressManager: | |
| - | "eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa" |
| values.impl: | |
| - | "eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63" |
| + | "eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c" |
| values.lastUnpausedAt: | |
| - | 0 |
| +++ description: Quota manager that rate-limits ERC20 tokens released or minted by this vault. | |
| values.quotaManager: | |
| + | "eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC" |
| values.resolver: | |
| + | "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e" |
| implementationNames.eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63: | |
| - | "MainnetERC20Vault" |
| implementationNames.eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c: | |
| + | "MainnetERC20Vault" |
| receivedPermissions: | |
| + | [{"permission":"interact","from":"eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC","description":"consume ERC20 withdrawal quota when tokens leave the vault.","role":".erc20Vault"}] |
| } |
| - | Status: DELETED |
| contract MainnetVerifier (eth:0x9cAa4948381590900FCdd8a4F06EB24138eD665d) [taiko/MainnetVerifier] | |
| +++ description: Immutable verifier policy contract for Taiko mainnet. Each accepted proof must contain exactly two ordered sub-proofs: either SGX-GETH plus SGX-RETH/RISC0-RETH/SP1-RETH, or SGX-RETH plus SGX-GETH/RISC0-RETH/SP1-RETH. It routes each sub-proof to the corresponding downstream verifier. |
| contract Taiko Multisig (eth:0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F) [GnosisSafe] { | |
| +++ description: None | |
| receivedPermissions.0: | |
| + | {"permission":"interact","from":"eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee","description":"register SGX instances after DCAP attestation verification.","role":".registrar"} |
| receivedPermissions.1: | |
| + | {"permission":"interact","from":"eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8","description":"register SGX instances after DCAP attestation verification.","role":".registrar"} |
| receivedPermissions.2: | |
| + | {"permission":"interact","from":"eth:0x9e0a24964e5397B566c1ed39258e21aB5E35C77C","description":"pause and unpause signal proof verification.","role":".pauser"} |
| receivedPermissions.3: | |
| + | {"permission":"interact","from":"eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC","description":"update token withdrawal quotas and the quota refill period.","role":".owner"} |
| receivedPermissions.4: | |
| + | {"permission":"interact","from":"eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC","description":"pause and unpause bridge message flows and fund the bridge through direct ETH transfers.","role":".pauser"} |
| } |
| contract SignalService (eth:0x9e0a24964e5397B566c1ed39258e21aB5E35C77C) [taiko/SignalService] { | |
| +++ description: Facilitates secure cross-chain message passing by storing signals and state-root checkpoints. Bridge escrows and other applications use it to prove that a specific L1<->L2 signal or checkpointed state transition occurred via Merkle proofs. Pausing disables signal proof verification. | |
| sourceHashes.1: | |
| - | "0x20f8b06e752acd9eaddb6745d7eba47d69302f638a83d0db11476c03ece409d5" |
| + | "0xfd960cdf5013fd75aa9b95c2a792457825615084b91ef437440d93599aba9de8" |
| values.$implementation: | |
| - | "eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752" |
| + | "eth:0x1A06832992785766a105838C95c1E13a0045AC85" |
| values.$pastUpgrades.10: | |
| + | ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x1A06832992785766a105838C95c1E13a0045AC85"]] |
| values.$upgradeCount: | |
| - | 10 |
| + | 11 |
| values.impl: | |
| - | "eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752" |
| + | "eth:0x1A06832992785766a105838C95c1E13a0045AC85" |
| values.pauser: | |
| + | "eth:0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F" |
| values.VERSION: | |
| + | 1 |
| implementationNames.eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752: | |
| - | "SignalService" |
| implementationNames.eth:0x1A06832992785766a105838C95c1E13a0045AC85: | |
| + | "SignalService" |
| } |
| - | Status: DELETED |
| contract SgxVerifier (eth:0xa1018Ba2e22139076f91dA2A856B2CAB22d968F6) [taiko/SgxVerifier] | |
| +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry. |
| contract MainnetBridge (eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) [taiko/TaikoBridge] { | |
| +++ description: Shared bridge escrow for Taiko chains for bridged ETH and arbitrary bridge messages. Pausing stops sending, processing, recalling, retrying, and failing messages. ETH released from the bridge is subject to the configured quota manager. | |
| sourceHashes.1: | |
| - | "0xa98023db33dc6ad6957a1c18e9e67712facad7f801f9437a6b05cf48aca80135" |
| + | "0x61b87867a3f041292eb5da7940c9fc5d33aee32c063a7cf1696beb6eafac4a2b" |
| values.$implementation: | |
| - | "eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F" |
| + | "eth:0x1c94D798CFA08F396E5BA9F81697289c53273381" |
| values.$pastUpgrades.12: | |
| + | ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x1c94D798CFA08F396E5BA9F81697289c53273381"]] |
| values.$upgradeCount: | |
| - | 12 |
| + | 13 |
| values.addressManager: | |
| - | "eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa" |
| values.impl: | |
| - | "eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F" |
| + | "eth:0x1c94D798CFA08F396E5BA9F81697289c53273381" |
| values.lastUnpausedAt: | |
| - | 1716809423 |
| values.pauser: | |
| + | "eth:0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F" |
| +++ description: Quota manager that rate-limits ETH released by processed or recalled bridge messages. | |
| values.quotaManager: | |
| + | "eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC" |
| values.resolver: | |
| + | "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e" |
| +++ description: Signal service used to prove cross-chain message delivery and failure signals. | |
| values.signalService: | |
| + | "eth:0x9e0a24964e5397B566c1ed39258e21aB5E35C77C" |
| implementationNames.eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F: | |
| - | "MainnetBridge" |
| implementationNames.eth:0x1c94D798CFA08F396E5BA9F81697289c53273381: | |
| + | "MainnetBridge" |
| receivedPermissions: | |
| + | [{"permission":"interact","from":"eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC","description":"consume ETH withdrawal quota when ETH leaves the bridge.","role":".bridge"}] |
| } |
| - | Status: DELETED |
| contract L1SharedAddressManager (eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa) [taiko/L1SharedAddressManager] | |
| +++ description: Maps contract names to contract addresses. Changes in this mapping effectively act as contract upgrades. |
| contract PreconfWhitelist (eth:0xFD019460881e6EeC632258222393d5821029b2ac) [taiko/PreconfWhitelist] { | |
| +++ description: Contains the whitelist of addresses eligible to propose batches on L1 and issue preconfirmations. It dynamically selects a single active operator for each epoch using a delayed Ethereum beacon block root as randomness. There is no fallback proposer path in this contract: non-selected operators cannot propose for the current epoch. | |
| values.operatorMapping.0: | |
| + | "eth:0x000cb000E880A92a8f383D69dA2142a969B93DE7" |
| } |
| + | Status: CREATED |
| contract SecureSgxVerifier (eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee) [taiko/SgxVerifier] | |
| +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry. |
| + | Status: CREATED |
| contract MainnetVerifier (eth:0x71808449A6217898d602c1a392D95b931Ac5d878) [taiko/MainnetVerifier] | |
| +++ description: Immutable verifier policy contract for Taiko mainnet. Each accepted proof must contain exactly two ordered sub-proofs: either SGX-GETH plus SGX-RETH/RISC0-RETH/SP1-RETH, or SGX-RETH plus SGX-GETH/RISC0-RETH/SP1-RETH. It routes each sub-proof to the corresponding downstream verifier. |
| + | Status: CREATED |
| contract TaikoSP1Verifier (eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F) [taiko/SP1Verifier] | |
| +++ description: Gating router contract to verify batches using SP1. |
| + | Status: CREATED |
| contract DefaultResolver (eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e) [taiko/DefaultResolver] | |
| +++ description: Maps chainId-name pairs to contract addresses. Bridge and vault contracts resolve their counterparties through this registry, so changes in this mapping effectively act as contract upgrades. The pause function is intentionally disabled in this implementation. |
| + | Status: CREATED |
| contract SecureSgxVerifier (eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8) [taiko/SgxVerifier] | |
| +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry. |
| + | Status: CREATED |
| contract QuotaManager (eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC) [taiko/QuotaManager] | |
| +++ description: Defines withdrawal quotas for ETH and ERC20 releases from the shared bridge. A token quota of zero means unlimited withdrawals for that token. |
Emergency proposals pause the bridges and deactivate forced transactions and permissionless proposal fallback after a hacker steals USD ~1.7M from the bridges by exploiting bugs in whitelisted SGX programs. Exploiter transaction: https://app.blocksec.com/phalcon/explorer/tx/eth/0x2f44dc1b883522a88f9b0cbbdfabf9ec33884b69dd4326600c3fab7fb2277260. vulnerable mrEnclaves used: - fda8bb1fc9938700c25353c0a5fabc96a238e69ce8e35f08e558831a20db33a6 (geth, old) - 8f73135b83a84126c7fff37ea02f9363e134aea0f6446b13e198b20d94e75099 (reth, recent)
Emergency proposals pause the bridges and deactivate forced transactions and permissionless proposal fallback after a hacker steals USD ~1.7M from the bridges by exploiting bugs in whitelisted SGX programs.
Exploiter transaction: https://app.blocksec.com/phalcon/explorer/tx/eth/0x2f44dc1b883522a88f9b0cbbdfabf9ec33884b69dd4326600c3fab7fb2277260.
vulnerable mrEnclaves used:
| contract EmergencyMultisig (eth:0x2AffADEb2ef5e1F2a7F58964ee191F1e88317ECd) [taiko/EmergencyMultisig] { | |
| +++ description: Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals). | |
| +++ description: total count of encrypted emergency proposals created. | |
| +++ severity: HIGH | |
| values.proposalCount: | |
| - | 29 |
| + | 33 |
| } |
| contract MainnetInbox (eth:0x6f21C543a4aF5189eBdb0723827577e1EF57ef1f) [taiko/MainnetInboxRestricted] { | |
| +++ description: [FORCED TRANSACTIONS AND PERMISSIONLESS PROVING ARE DISABLED] The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. It manages bonds, validates batch parameters, and acts as the state machine for the L2. | |
| template: | |
| - | "taiko/MainnetInbox" |
| + | "taiko/MainnetInboxRestricted" |
| sourceHashes.1: | |
| - | "0xa362200444c4acb7197c44886acc6eb7d90bb3933f19c339e94239e413f132d1" |
| + | "0xc8fb004590f1c60e5c9735be36da74676fdc93286aa44749d3156ad33bc416e7" |
| description: | |
| - | "The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. It manages bonds, validates batch parameters, and acts as the state machine for the L2." |
| + | "[FORCED TRANSACTIONS AND PERMISSIONLESS PROVING ARE DISABLED] The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. It manages bonds, validates batch parameters, and acts as the state machine for the L2." |
| values.$implementation: | |
| - | "eth:0x0680c84378FA6A7D2F46ADa5A70637Fa2A938d42" |
| + | "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098" |
| values.$pastUpgrades.1: | |
| + | ["2026-06-22T09:24:35.000Z","0x2fb71b83b8971dd7bbc174f72ea5d37f57bf20277c406b0d679062b20c348e1d",["eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098"]] |
| values.$upgradeCount: | |
| - | 1 |
| + | 2 |
| +++ severity: HIGH | |
| values.getCurrentForcedInclusionFee: | |
| - | 1000000 |
| + | 1020000 |
| values.impl: | |
| - | "eth:0x0680c84378FA6A7D2F46ADa5A70637Fa2A938d42" |
| + | "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098" |
| values.noForce: | |
| + | [true] |
| implementationNames.eth:0x0680c84378FA6A7D2F46ADa5A70637Fa2A938d42: | |
| - | "MainnetInbox" |
| implementationNames.eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098: | |
| + | "MainnetInbox" |
| } |
| contract OptimisticTokenVotingPlugin (eth:0x989E348275b659d36f8751ea1c10D146211650BE) [taiko/OptimisticTokenVotingPlugin] { | |
| +++ description: An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay. | |
| values.proposalCount: | |
| - | 31 |
| + | 34 |
| values.proposalIds.31: | |
| + | "606258323829018279630170080852096129484418187295" |
| values.proposalIds.32: | |
| + | "606419523753005534282828605203137025379655483424" |
| values.proposalIds.33: | |
| + | "606424105314793757798300924445813695132257484833" |
| } |
| contract MainnetERC20Vault (eth:0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab) [taiko/SharedERC20Vault] { | |
| +++ description: Shared vault for Taiko chains for bridged ERC20 tokens. | |
| values.paused: | |
| - | false |
| + | true |
| } |
| contract MainnetBridge (eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) [taiko/TaikoBridge] { | |
| +++ description: Shared bridge escrow for Taiko chains for bridged ETH. | |
| values.paused: | |
| - | false |
| + | true |
| } |
| contract PreconfWhitelist (eth:0xFD019460881e6EeC632258222393d5821029b2ac) [taiko/PreconfWhitelist] { | |
| +++ description: Contains the whitelist of addresses allowed to propose batches on L1 and issue preconfirmations. It dynamically selects a single operator for a given epoch using the Ethereum beacon block root as a source of randomness. | |
| values.operatorMapping.0: | |
| - | "eth:0xCbeB5d484b54498d3893A0c3Eb790331962e9e9d" |
| values.operatorMapping.2: | |
| - | "eth:0x000cb000E880A92a8f383D69dA2142a969B93DE7" |
| } |
Propose 'Enable SP1 v6 on mainnet': new programhashes.
Propose ‘Enable SP1 v6 on mainnet’: new programhashes.
| contract Multisig (eth:0xD7dA1C25E915438720692bC55eb3a7170cA90321) [taiko/Multisig] { | |
| +++ description: Modular Governance contract allowing for proposing, voting on and executing proposals (e.g. for Security Council standard proposals). | |
| +++ description: total standard proposal count. | |
| +++ severity: HIGH | |
| values.proposalCount: | |
| - | 20 |
| + | 21 |
| } |
The system uses a whitelist-based sequencing mechanism to allow for fast preconfirmations on the L2. On the L1, batch proposing is permissioned through the PreconfWhitelist contract, which currently has 3 active operators registered.
For each epoch, PreconfWhitelist selects a single active operator that can propose to MainnetInbox. There is no fallback proposer path, and non-selected operators cannot propose for the current epoch.
Proving is controlled separately by ProverWhitelist, which currently has 2 whitelisted provers.
While the prover whitelist is non-empty, non-whitelisted actors cannot submit proofs. MainnetInbox currently sets minBond=0 and livenessBond=0.
Currently, proving a proposal requires SGX (Geth), plus either SGX (Reth), SP1, or RISC0.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
There is no general mechanism to force the sequencer to include a transaction.
Forced inclusions are disabled in the current MainnetInbox implementation: saveForcedInclusion() always reverts and propose() only accepts zero forced inclusions.
If the selected proposer is down or censoring, user transactions that are not included by the permissioned proposer remain non-included.
Users can be censored if the operator refuses to include their transactions.

A Multisig with 7/9 threshold. A signer list for storing multisig members and their agents, stores the addresses of the Multisigs that use this signer list. Each signer delegates their permissions to their agent address that they can configure here.
A Multisig with 4/6 threshold.
Shared vault for Taiko chains for bridged ERC20 tokens. Pausing stops token sends, message-triggered releases, and recalls. Released or minted tokens are subject to the configured quota manager.
Shared bridge escrow for Taiko chains for bridged ETH and arbitrary bridge messages. Pausing stops sending, processing, recalling, retrying, and failing messages. ETH released from the bridge is subject to the configured quota manager.
A Multisig with 3/5 threshold.
A Multisig with 2/3 threshold.
A Multisig with 1/2 threshold. Member of Taiko Foundation Treasury Multisig, Taiko Multisig, Gustavo Gonzalez Taiko.
Member of Halborn, SignerList (Security Council).
Member of Gattaca.
Member of SignerList (Security Council), Toni Wahrstätter.
Member of Halborn.
Member of SignerList (Security Council), Gattaca.
Member of Toni Wahrstätter.


Gating router contract to verify batches using RISC Zero.
The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. Forced inclusion submission and processing are disabled in this implementation. Proposals must come from the configured proposer checker, and if the configured prover whitelist is non-empty, proofs from non-whitelisted provers revert; the configured permissionless proving delay is not used to open proving.
Gating router contract to verify batches using SP1.
Defines the prover whitelist queried by the inbox before accepting proofs. If the inbox is configured with this contract and the whitelist is non-empty, only whitelisted provers can prove proposals.
Middleware contract that maintains ownership of DAO-controlled assets and contracts. Its token weight does not count towards the DAO quorum. Member of Taiko Foundation Treasury Multisig.
The main contract and entrypoint of the Aragon-based DAO governance framework. Fine-grained DAO permissions, proposals, voting and thresholds are configured here.
Middleware contract that maintains ownership of DAO-controlled assets and contracts. Its token weight does not count towards the DAO quorum.
A timelock with access control. The current minimum delay is 3d.
Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data.
ERC20 contract implementing the TAIKO token. It defines a list of addresses designated as non-voting.
Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals).
Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.
Set verifier contract for RISC Zero proofs (version 0.9.0). It allows verifying a whole set of proofs identified with a Merkle root at once, afterwards each individual proof could be efficiently verified just by checking Merkle inclusion against the verified root.
Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data.
A router proxy that routes to verifiers based on selectors. The mapping can be changed by a permissioned owner (TimelockController).
Maps chainId-name pairs to contract addresses. Bridge and vault contracts resolve their counterparties through this registry, so changes in this mapping effectively act as contract upgrades. The pause function is intentionally disabled in this implementation.
An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay.
Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.
Facilitates secure cross-chain message passing by storing signals and state-root checkpoints. Bridge escrows and other applications use it to prove that a specific L1<->L2 signal or checkpointed state transition occurred via Merkle proofs. Pausing disables signal proof verification.
Modular Governance contract allowing for proposing, voting on and executing proposals (e.g. for Security Council standard proposals).
Contains the whitelist of addresses eligible to propose batches on L1 and issue preconfirmations. It dynamically selects a single active operator for each epoch using a delayed Ethereum beacon block root as randomness. There is no fallback proposer path in this contract: non-selected operators cannot propose for the current epoch.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).