Search

Search for projects by name or address

Taiko Alethia logo
Taiko Alethia

Badges

About

Taiko Alethia is an Ethereum-equivalent rollup on the Ethereum network. Taiko aims at combining based sequencing and a multi-proof system through SP1, RISC0 and TEEs.


  • Total Value SecuredTVS
    $12.22 M32.9%
  • Past day UOPSDaily UOPS
    0.5718.3%
  • Gas token
    ETH
  • Type
    Other

  • Purpose
    Universal
  • Chain ID
    167000

  • Tokens breakdown

    Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    Taiko Alethia is an Ethereum-equivalent rollup on the Ethereum network. Taiko aims at combining based sequencing and a multi-proof system through SP1, RISC0 and TEEs.

    Why is the project listed in others?

    The proof system isn't fully functional

    Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.

    Learn more about the recategorisation here.


    Total
    Canonically BridgedCanonically Bridged ValueCanonical
    Natively MintedNatively Minted TokensNative
    Externally BridgedExternally Bridged ValueExternal

    ETH & derivatives
    Stablecoins
    BTC & derivatives
    Other

    2025 Jul 10 — 2026 Jul 10

    Past Day UOPS
    0.5718.3%
    Past Day Ops count
    49.08 K
    Max. UOPS
    57.89
    2024 Nov 04
    Past day UOPS/TPS Ratio
    1.00

    The section shows the operating costs that L2s pay to Ethereum.


    2025 Jul 10 — 2026 Jul 10


    Total cost
    $348.57 K
    Avg cost per L2 UOP
    $0.005246
    Avg cost per day
    $955.00

    This section shows how much data the project publishes to its data-availability (DA) layer over time. The project currently posts data toEthereumEthereum.


    2026 Apr 02 — Jul 10


    Data posted
    2.49 GiB
    Avg size per day
    25.75 MiB
    Avg size per L2 UOP
    588.30 B

    This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.

    No ongoing anomalies detected

    2026 Jun 10 — Jul 10

    Avg. tx data subs. interval
    8 minutes
    Avg. state updates interval
    41 minutes
    Past 30 days anomalies
    73% normal uptime

    Last 30 day anomalies

    All liveness anomalies detected for this project in the last 30 days, helping you review recent downtime and availability issues.

    No Tx data submissions were performed for 7d 23h 7m (from 2026 Jun 22, 02:10 UTC until 2026 Jun 30, 01:17 UTC). These typically occur every 8min 43s on average.

    No State updates were performed for 7d 12h 39m (from 2026 Jun 22, 02:10 UTC until 2026 Jun 29, 14:49 UTC). These typically occur every 41min 43s on average.

    Proof system exploit

    2026 Jun 22nd

    An attacker exploits a vulnerability in the SGX proof system and steals USD ~1.7M.

    Learn more

    Preconfs introduction

    2025 Aug 11th

    Taiko implements preconfs - whitelisted actors provide fast soft confirmations for L2 txs.

    Learn more
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    No mechanism

    There is no mechanism to have transactions be included if the sequencer is down or censoring. Although the functionality exists in the code, it is currently disabled. Forced inclusions are disabled in the current MainnetInbox implementation, so sequencer failure or censorship leads to non-inclusion.

    State validation
    Multi-proofs

    A multi-proof system is used. There are four verifiers available: SGX (Geth), SGX (Reth), SP1 and RISC0. Two of them must be used to prove a proposal range, and SGX (Geth) is mandatory. The end state root is supplied during the prove call and is checked against the accompanying SGX/zkVM proof. Proving is currently gated by ProverWhitelist, which has 2 whitelisted provers in discovery. While the whitelist is non-empty, non-whitelisted actors cannot submit proofs.

    Data availability
    Onchain

    All of the data needed for proof construction is published on Ethereum L1.

    Exit window
    None

    There is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable.

    Proposer failure
    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen. Proposing is gated by PreconfWhitelist, which selects a single active operator for the current epoch and has no fallback proposer path.

    Taiko Alethia
    Taiko Alethia is not even a
    Stage 0
    project.

    Learn more about Stages
    Please keep in mind that these stages do not reflect project security, this is an opinionated assessment of project maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.

    All data required for proofs is published on chain

    All the data that is used to construct the system state is published on chain in the form of blobs. This ensures that it will be available for enough time.

    Learn more about the DA layer here: Ethereum logoEthereum
    Validity proofs

    Taiko uses a multi-proof system to validate state transitions. The system requires two proofs among four available verifiers: SGX (Geth), SGX (Reth), SP1, and RISC0. This means that a proposal range can be proven without providing a ZK proof if SGX (Geth) and SGX (Reth) are used together. New proposals target a proof submission cadence of 4h. Proving is currently centralized behind ProverWhitelist with 2 whitelisted provers. While the whitelist is non-empty, non-whitelisted actors cannot submit proofs, and the configured permissionless proving delay is not used to open proving. MainnetInbox currently sets minBond=0 and livenessBond=0. The multi-proof system allows detecting bugs in the verifiers if they produce different results for the same proposal range. If such a bug is detected, the system gets automatically paused.

    • Funds can be stolen if a malicious block is proven by compromised SGX instances.

    1. MainnetInbox.sol - Etherscan source code, getConfig function
    2. MainnetInbox.sol - Etherscan source code, prove function
    3. ProverWhitelist.sol - Etherscan source code

    Program Hashes

    Name
    Hash
    Repository
    Verification
    Used in
    0x0075...487e
    Taiko Alethia logo
    0x3aca...487e
    Taiko Alethia logo
    0x00e9...17bc
    Taiko Alethia logo
    0x748e...17bc
    Taiko Alethia logo
    0xa38d...908b
    Taiko Alethia logo
    0x868b...efef
    Taiko Alethia logo
    A diagram of the upgrades and governance
    A diagram of the upgrades and governance

    Taiko Alethia has a governance structure relying primarily on a 7/9 Security Council, checked by a token DAO that is limited to veto permissions. The closed operator whitelists are managed by the 4/6 Taiko Multisig and related EOAs. Governance proposals (both paths) hold all important upgrade and config permissions in the system.

    Standard proposals

    A threshold of 5 approving Security Council members is required to create a Standard proposal. It is delayed while being publicly auditable by 7d in the OptimisticTokenVotingPlugin contract and can be vetoed by 10% of votable TAIKO tokens during that time. If not vetoed, the standard proposal passes and can be executed.

    Emergency proposals

    Emergency proposals are encrypted at proposal time and can only be read by Security Council members. If approved by 7 Security Council members, they can be immediately decrypted and executed.

    Proof system and operators

    The proof system currently does not require zk proofs to validate state transitions and state can be finalized with SGX proofs only. The optional zk verifier contracts can be upgraded by Multisigs. Operator roles (sequencer, proposer) are closed and the whitelist is managed by the Taiko Multisig and related EOAs.

    Past upgrades

    The metrics include upgrades on the currently used proxy contracts. Historical proxy contracts and changes of such are not included.

    Count of upgrades
    23
    Last upgrade
    10d 15h ago
    Avg upgrade interval
    3mo 13d
    2026 July 08, 11:21 UTC
    5changes

    Quota changes 150K - 250K per day for stables (USDT and USDC).

    contract QuotaManager (eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC) [taiko/QuotaManager] {
    +++ description: Defines withdrawal quotas for ETH and ERC20 releases from the shared bridge. A token quota of zero means unlimited withdrawals for that token.
    values.tokenQuotas.3.quota:
    - "150,000"
    + "250,000"
    values.tokenQuotas.4.quota:
    - "150,000"
    + "250,000"
    }
    contract PreconfWhitelist (eth:0xFD019460881e6EeC632258222393d5821029b2ac) [taiko/PreconfWhitelist] {
    +++ description: Contains the whitelist of addresses eligible to propose batches on L1 and issue preconfirmations. It dynamically selects a single active operator for each epoch using a delayed Ethereum beacon block root as randomness. There is no fallback proposer path in this contract: non-selected operators cannot propose for the current epoch.
    values.operatorMapping.2:
    + "eth:0xCbeB5d484b54498d3893A0c3Eb790331962e9e9d"
    }
    2026 July 02, 07:58 UTC
    High severity
    11changes

    Bridges unpaused. Taiko is live again, without forced transactions or proposer fallback.

    contract SignerList (Security Council) (eth:0x0F95E6968EC1B28c794CF1aD99609431de5179c2) [taiko/SignerList] {
    +++ description: A signer list for storing multisig members and their agents, stores the addresses of the Multisigs that use this signer list. Each signer delegates their permissions to their agent address that they can configure here.
    values.$members.4:
    - "eth:0x4236f57E9dBc238878EFac4AeF0A16D4dD06DC1A"
    + "eth:0xbC40317A69CB1D1aF2CBcfE32C8B7a6840Dc287a"
    }
    contract EmergencyMultisig (eth:0x2AffADEb2ef5e1F2a7F58964ee191F1e88317ECd) [taiko/EmergencyMultisig] {
    +++ description: Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals).
    +++ description: total count of encrypted emergency proposals created.
    +++ severity: HIGH
    values.proposalCount:
    - 34
    + 35
    }
    contract OptimisticTokenVotingPlugin (eth:0x989E348275b659d36f8751ea1c10D146211650BE) [taiko/OptimisticTokenVotingPlugin] {
    +++ description: An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay.
    values.proposalCount:
    - 35
    + 36
    values.proposalIds.35:
    + "606707631305171219093581685850458871248271179811"
    }
    contract MainnetERC20Vault (eth:0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab) [taiko/SharedERC20Vault] {
    +++ description: Shared vault for Taiko chains for bridged ERC20 tokens. Pausing stops token sends, message-triggered releases, and recalls. Released or minted tokens are subject to the configured quota manager.
    +++ severity: HIGH
    values.paused:
    - true
    + false
    }
    contract MainnetBridge (eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) [taiko/TaikoBridge] {
    +++ description: Shared bridge escrow for Taiko chains for bridged ETH and arbitrary bridge messages. Pausing stops sending, processing, recalling, retrying, and failing messages. ETH released from the bridge is subject to the configured quota manager.
    +++ severity: HIGH
    values.paused:
    - true
    + false
    }
    2026 June 30, 13:05 UTC
    High severity
    157changes

    MainnetInbox is upgraded to the restricted implementation with forced inclusions disabled; proposals are gated by PreconfWhitelist with no fallback proposer path, proving routes through MainnetVerifier, and bridge/vault releases are governed by QuotaManager. diffs: - over all contracts: unrelated formatting changes and hardcoding of addresses instead of using the resolver - signalService: https://disco.l2beat.com/diff/eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752/eth:0x1A06832992785766a105838C95c1E13a0045AC85 adds immutable pauser/unpause and VERSION invalidates all old cache + checkpoints - MainnetBridge: https://disco.l2beat.com/diff/eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F/eth:0x1c94D798CFA08F396E5BA9F81697289c53273381 quota changes and init3 sets three message hashes (0x9972, 0xf299, 0xea26) to DONE (currently RETRYABLE) - MainnetERC20Vault: https://disco.l2beat.com/diff/eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63/eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c quota changes - MainnetInbox: https://disco.l2beat.com/diff/eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098/eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01 (init2/rollback to lastFinalizedProposalId = 18051 , lastFinalizedBlockHash = 0x64c2ada556b6862d2c8796e0f709c454fede9d03908711a9f04d9f9f9dcce470 , disable forced inclusion) - MainnetVerifier: https://disco.l2beat.com/diff/eth:0x9cAa4948381590900FCdd8a4F06EB24138eD665d/eth:0x71808449A6217898d602c1a392D95b931Ac5d878 pointers changes only - sgxgeth: https://disco.l2beat.com/diff/eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1/eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee add registrar 0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F (whitelisted registerInstance caller), add SGX FORBIDDEN ATTRIBUTE MASK to blacklist debug mode - sgxreth: https://disco.l2beat.com/diff/eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1/eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee same as above - sp1RethVerifier: https://disco.l2beat.com/diff/eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6/eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F no source diff, but removes all trusted vkeys and adds four new ones - risc0RethVerifier: all image ids removed, added two new ones ( 0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b , 0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef ) - dcap 0x0ffa4A625ED9DB32B70F99180FD00759fc3e9261(geth): mrSigners = ['0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013'] , mrEnclaves = ['0xbefb2c7ec44cefe57f4ff0ca815a8b8f15e05631bf3abe36cbc12d28f778fa36'] - dcap 0x8d7C954960a36a7596d7eA4945dDf891967ca8A3(reth): mrSigners = ['0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013'] , mrEnclaves = ['0xdccd8f30ea4a137ddfa63d743e3aa7c7a8e80585912d19c4b66f7d8d6098bec4', '0x92dd96a170d1ffb998afa210b3ef8af8c408ab76c4717e0eb8076d4a5da4e740'] - all other enclaves and the old signer are removed Program hashes source used: taikoxyz/raiko2 v0.5.1, commit b08f4c57cd69a0f8dc1316a21f4ce4b08eddbebe. Regenerated values match exactly: risc0 aggregation image id 0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef risc0 proposal image id 0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b sp1 aggregation vk bn254 0x00e91cb391c22d6fd015e4c6041dbbe6efb2d8be6d4046eec28f12acba5a17bc sp1 aggregation vk hash bytes 0x748e59c8708b5bf402bc98c041dbbe6e7d96c5f335011bbb051e25593a5a17bc sp1 proposal vk bn254 0x007594632ec31fae9d44799b97316fcbcaa3ff6b5db268c7a5d8025b3bbb487e sp1 proposal vk hash bytes 0x3aca319730c7eba7288f33727316fcbc551ffb5a76c9a31e4bb004b63bbb487e

    contract TaikoRisc0Verifier (eth:0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b) [taiko/Risc0Verifier] {
    +++ description: Gating router contract to verify batches using RISC Zero.
    +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them.
    +++ severity: HIGH
    values.trustedImages.0:
    - "0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544"
    +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them.
    +++ severity: HIGH
    values.trustedImages.1:
    - "0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7"
    +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them.
    +++ severity: HIGH
    values.trustedImages.2:
    - "0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b"
    +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them.
    +++ severity: HIGH
    values.trustedImages.3:
    - "0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e"
    +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them.
    +++ severity: HIGH
    values.trustedImages.4:
    - "0xbee1be4cbe2bdf9b0034a1ab6572061a76019e73189ff96322e58ab229b75f92"
    + "0xa38d1fac63aa6a553fdb6fea01fdc96534564c31de916aaafe5f5a1dd3bb908b"
    +++ description: Taiko specific Image IDs (i.e. program digest) of Risc0 programs (block proving and aggregation program separately) trusted by this verifier gateway. Only proofs for these programs can be successfully verified. Note that proofs contains image ID data within them.
    +++ severity: HIGH
    values.trustedImages.5:
    - "0xcecc85819e15d173c2991577727525b136e820728f7aaaede612f1281cac2249"
    + "0x868b5154ae01a9a045051da2d7ba2e21d4132c7ec096da343fa24149407fefef"
    }
    - Status: DELETED
    contract SgxVerifier (eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1) [taiko/SgxVerifier]
    +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.
    contract SignerList (Security Council) (eth:0x0F95E6968EC1B28c794CF1aD99609431de5179c2) [taiko/SignerList] {
    +++ description: A signer list for storing multisig members and their agents, stores the addresses of the Multisigs that use this signer list. Each signer delegates their permissions to their agent address that they can configure here.
    receivedPermissions.1:
    - {"permission":"interact","from":"eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    receivedPermissions.4:
    + {"permission":"interact","from":"eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    receivedPermissions.6:
    + {"permission":"interact","from":"eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F","description":"manage trusted SP1 program verification keys.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    receivedPermissions.7:
    - {"permission":"interact","from":"eth:0x91f67118DD47d502B1f0C354D0611997B022f29E","description":"update token withdrawal quotas and the quota refill period.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    receivedPermissions.8.description:
    - "manage trusted SP1 program verification keys."
    + "update the contract address registered for any chainId-name pair."
    receivedPermissions.8.from:
    - "eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6"
    + "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e"
    receivedPermissions.12:
    + {"permission":"interact","from":"eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    receivedPermissions.13:
    - {"permission":"interact","from":"eth:0xa1018Ba2e22139076f91dA2A856B2CAB22d968F6","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    receivedPermissions.17:
    - {"permission":"interact","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","description":"can update the contract address for a given name","role":".owner","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    receivedPermissions.24.from:
    - "eth:0x91f67118DD47d502B1f0C354D0611997B022f29E"
    + "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e"
    receivedPermissions.30:
    - {"permission":"upgrade","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","role":"admin","via":[{"address":"eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a"},{"address":"eth:0x9CDf589C941ee81D75F34d3755671d614f7cf261","delay":604800,"condition":"(emergency proposals bypass the delay)"}]}
    }
    contract AutomataDcapV3Attestation (eth:0x0ffa4A625ED9DB32B70F99180FD00759fc3e9261) [taiko/AutomataDcapV3Attestation] {
    +++ description: Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data.
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.0:
    - "0xfda8bb1fc9938700c25353c0a5fabc96a238e69ce8e35f08e558831a20db33a6"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.1:
    - "0x692c8624d30a327340b0dfbb67203e941175ac700d1a058c717e5269103d37e6"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.2:
    - "0x3e6113a23bbdf9231520153253047d02db8f1dd38a9b52914ab7943278f52db0"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.3:
    - "0xd1f43acede51c4eb2f66b86cce52682edad80b810b9d87fba3a9b67254c91b77"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.4:
    - "0x398be8424f27802b38e6e8d3413bf6a0b187349e68522a218f5bfc00279006ac"
    + "0xbefb2c7ec44cefe57f4ff0ca815a8b8f15e05631bf3abe36cbc12d28f778fa36"
    +++ description: Trusted SGX signer measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrSigners.0:
    - "0xca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5"
    + "0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013"
    }
    contract EmergencyMultisig (eth:0x2AffADEb2ef5e1F2a7F58964ee191F1e88317ECd) [taiko/EmergencyMultisig] {
    +++ description: Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals).
    +++ description: total count of encrypted emergency proposals created.
    +++ severity: HIGH
    values.proposalCount:
    - 33
    + 34
    }
    contract MainnetInbox (eth:0x6f21C543a4aF5189eBdb0723827577e1EF57ef1f) [taiko/MainnetInboxRestricted] {
    +++ description: The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. Forced inclusion submission and processing are disabled in this implementation. Proposals must come from the configured proposer checker, and if the configured prover whitelist is non-empty, proofs from non-whitelisted provers revert; the configured permissionless proving delay is not used to open proving.
    sourceHashes.1:
    - "0xc8fb004590f1c60e5c9735be36da74676fdc93286aa44749d3156ad33bc416e7"
    + "0xd6d3af78f692a4c928f8e1b046eca6884ed0d15d120df586c3509c802795d433"
    values.$implementation:
    - "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098"
    + "eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01"
    values.$pastUpgrades.2:
    + ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01"]]
    values.$upgradeCount:
    - 2
    + 3
    values.getConfig.proofVerifier:
    - "eth:0x9cAa4948381590900FCdd8a4F06EB24138eD665d"
    + "eth:0x71808449A6217898d602c1a392D95b931Ac5d878"
    values.impl:
    - "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098"
    + "eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01"
    implementationNames.eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098:
    - "MainnetInbox"
    implementationNames.eth:0x64523f2580f4E7038a121D55b220a9C12C1E8f01:
    + "MainnetInbox"
    }
    contract TaikoDAOController (eth:0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a) [taiko/TaikoDAOController] {
    +++ description: Middleware contract that maintains ownership of DAO-controlled assets and contracts. Its token weight does not count towards the DAO quorum.
    directlyReceivedPermissions.1:
    - {"permission":"interact","from":"eth:0x08568Df252ecf37D6C3eFD24f6ca3688118697F1","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"}
    directlyReceivedPermissions.2:
    + {"permission":"interact","from":"eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"}
    directlyReceivedPermissions.4:
    + {"permission":"interact","from":"eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F","description":"manage trusted SP1 program verification keys.","role":".owner"}
    directlyReceivedPermissions.5:
    - {"permission":"interact","from":"eth:0x91f67118DD47d502B1f0C354D0611997B022f29E","description":"update token withdrawal quotas and the quota refill period.","role":".owner"}
    directlyReceivedPermissions.6.description:
    - "manage trusted SP1 program verification keys."
    + "update the contract address registered for any chainId-name pair."
    directlyReceivedPermissions.6.from:
    - "eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6"
    + "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e"
    directlyReceivedPermissions.8:
    + {"permission":"interact","from":"eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"}
    directlyReceivedPermissions.9:
    - {"permission":"interact","from":"eth:0xa1018Ba2e22139076f91dA2A856B2CAB22d968F6","description":"add SGX instances without DCAP attestation and delete registered instances.","role":".owner"}
    directlyReceivedPermissions.12:
    - {"permission":"interact","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","description":"can update the contract address for a given name","role":".owner"}
    directlyReceivedPermissions.18.from:
    - "eth:0x91f67118DD47d502B1f0C354D0611997B022f29E"
    + "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e"
    directlyReceivedPermissions.23:
    - {"permission":"upgrade","from":"eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa","role":"admin"}
    }
    contract AutomataDcapV3Attestation (eth:0x8d7C954960a36a7596d7eA4945dDf891967ca8A3) [taiko/AutomataDcapV3Attestation] {
    +++ description: Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data.
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.0:
    - "0xdfcb4fca3073e3f3a90b05d328688c32619d56f26789c0a9797aa10e765a7807"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.1:
    - "0xbdec26abd36fde2cfbb8db7a0793a9346b11bd558b39890407d458500711c88c"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.2:
    - "0xa5f741bfed254a1e21738d429e7bd074e25918af7f71fbe1e0135c3974b06e00"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.3:
    - "0x3551faac39edee5abfaa19ab065c217db1485aebae255a9edddf6dfff6b29b52"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.4:
    - "0x13ea9869632ac20b176ae0fdc39998b2a644a695db024ef7fe0e4b3c59084160"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.5:
    - "0xa096348d480eb0474f5eab182671933c029545521960d87d4e49283005809be9"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.6:
    - "0xa4eedfc6484494d4c08bfb9b9dd887c6e0540ba9d8ee207fe0e16814852e3356"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.7:
    - "0xc90e5d2e39d1d3f8397a6048c32ba50139d1577c28985e1f7638785935f41734"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.8:
    - "0x9546301721e2ea111ab0f79b6e529d6bb6c486ac98bcf7739429ad06c09db63d"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.9:
    - "0x3f71cf178a032816c2731a43aef746c464a5326e891dc881773ec2b599b2cf0a"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.10:
    - "0xdcd483d3406d9b1871bb92420f5a080c4372e0d6b8522a4a2cb91a0f736669c6"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.11:
    - "0x3b589538b775ddbfc5fb028167ff846116159e6687aef9f849ca5a70a7871ea5"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.12:
    - "0xb09f9005e4612526e378466b5c16ab6028478e81c085812d6ed37166c4cda10e"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.13:
    - "0x6e43c1d575b5b785d0f6259dfac44998c6f0c164864f9f98270fb740c14eb943"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.14:
    - "0x631778b0d420d2d0bba4c730b0fd74857afeefb3429371ae97ab450e40ca127e"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.15:
    - "0x482b06132c4306ea55bc34ff90d46532ff4151f473dbfe4d2cb2442af2ff288b"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.16:
    - "0xca349ba0dfeced0bd837a56c97417c11e51d490eec4ff08321dd130776a413bd"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.17:
    - "0xe2375b778ee5700a73c7fcf449abb4a62e00127d324b6694898073ba5aff4f5c"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.18:
    - "0x67742ab222790e20ba3656b3b294645a3384a5df5a770b86f8c06529523d990e"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.19:
    - "0xddda8ba9c9153e3d2f680f2f53adbc774a9753cc55d40dde4cb02aef38c42109"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.20:
    - "0xe5774b71990b0d5f3eca8d4d22546764dd9549c743a1a6d4d4863d97f6b8c67a"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.21:
    - "0x605ad10c1a56ed7289f198d64a39a952cd3b8a0bed3fcb19c8301c1847dc3a2f"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.22:
    - "0x59bf7d48610cc8a56ba8a390b68c31a1443297869b174aeacac67dc152820f0e"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.23:
    - "0xf285b7cbd78d2b96cdc54cfea3e47d8f510a4b4f91b719c97f8bbb90974f805b"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.24:
    - "0x8f73135b83a84126c7fff37ea02f9363e134aea0f6446b13e198b20d94e75099"
    + "0xdccd8f30ea4a137ddfa63d743e3aa7c7a8e80585912d19c4b66f7d8d6098bec4"
    +++ description: Trusted SGX enclave measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrEnclaves.25:
    - "0x72258d3cae0e9901d0efc1f630064f1c44f11950bd25fee0b62ec8df84532da2"
    + "0x92dd96a170d1ffb998afa210b3ef8af8c408ab76c4717e0eb8076d4a5da4e740"
    +++ description: Trusted SGX signer measurements accepted by attestation verification.
    +++ severity: HIGH
    values.mrSigners.0:
    - "0xca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5"
    + "0x48fa5bbad91d274735d238715913c8712a7505bb6d0dd832764bedb46d587013"
    }
    - Status: DELETED
    contract QuotaManager (eth:0x91f67118DD47d502B1f0C354D0611997B022f29E) [taiko/QuotaManager]
    +++ description: Defines withdrawal quotas for ETH and ERC20 releases from the shared bridge. A token quota of zero means unlimited withdrawals for that token.
    - Status: DELETED
    contract TaikoSP1Verifier (eth:0x96337327648dcFA22b014009cf10A2D5E2F305f6) [taiko/SP1Verifier]
    +++ description: Gating router contract to verify batches using SP1.
    contract OptimisticTokenVotingPlugin (eth:0x989E348275b659d36f8751ea1c10D146211650BE) [taiko/OptimisticTokenVotingPlugin] {
    +++ description: An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay.
    values.proposalCount:
    - 34
    + 35
    values.proposalIds.34:
    + "606634685654739111357042014770979344991156961314"
    }
    contract MainnetERC20Vault (eth:0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab) [taiko/SharedERC20Vault] {
    +++ description: Shared vault for Taiko chains for bridged ERC20 tokens. Pausing stops token sends, message-triggered releases, and recalls. Released or minted tokens are subject to the configured quota manager.
    sourceHashes.1:
    - "0x4e0dd5fa918b3b1229feb85baaac3bf6d7fffd21febcdeb7a4f3bf62e22c9031"
    + "0x9b624be34d3f91047fd5ee6a056fd5d81ed43c3ba757e53661aeb4e4dabfe4aa"
    values.$implementation:
    - "eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63"
    + "eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c"
    values.$pastUpgrades.8:
    + ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c"]]
    values.$upgradeCount:
    - 8
    + 9
    values.addressManager:
    - "eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa"
    values.impl:
    - "eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63"
    + "eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c"
    values.lastUnpausedAt:
    - 0
    +++ description: Quota manager that rate-limits ERC20 tokens released or minted by this vault.
    values.quotaManager:
    + "eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC"
    values.resolver:
    + "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e"
    implementationNames.eth:0xb20C8Ffc2dD49596508d262b6E8B6817e9790E63:
    - "MainnetERC20Vault"
    implementationNames.eth:0x024253C6FDC27d3161aFd43fb0241411A28dDc3c:
    + "MainnetERC20Vault"
    receivedPermissions:
    + [{"permission":"interact","from":"eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC","description":"consume ERC20 withdrawal quota when tokens leave the vault.","role":".erc20Vault"}]
    }
    - Status: DELETED
    contract MainnetVerifier (eth:0x9cAa4948381590900FCdd8a4F06EB24138eD665d) [taiko/MainnetVerifier]
    +++ description: Immutable verifier policy contract for Taiko mainnet. Each accepted proof must contain exactly two ordered sub-proofs: either SGX-GETH plus SGX-RETH/RISC0-RETH/SP1-RETH, or SGX-RETH plus SGX-GETH/RISC0-RETH/SP1-RETH. It routes each sub-proof to the corresponding downstream verifier.
    contract Taiko Multisig (eth:0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F) [GnosisSafe] {
    +++ description: None
    receivedPermissions.0:
    + {"permission":"interact","from":"eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee","description":"register SGX instances after DCAP attestation verification.","role":".registrar"}
    receivedPermissions.1:
    + {"permission":"interact","from":"eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8","description":"register SGX instances after DCAP attestation verification.","role":".registrar"}
    receivedPermissions.2:
    + {"permission":"interact","from":"eth:0x9e0a24964e5397B566c1ed39258e21aB5E35C77C","description":"pause and unpause signal proof verification.","role":".pauser"}
    receivedPermissions.3:
    + {"permission":"interact","from":"eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC","description":"update token withdrawal quotas and the quota refill period.","role":".owner"}
    receivedPermissions.4:
    + {"permission":"interact","from":"eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC","description":"pause and unpause bridge message flows and fund the bridge through direct ETH transfers.","role":".pauser"}
    }
    contract SignalService (eth:0x9e0a24964e5397B566c1ed39258e21aB5E35C77C) [taiko/SignalService] {
    +++ description: Facilitates secure cross-chain message passing by storing signals and state-root checkpoints. Bridge escrows and other applications use it to prove that a specific L1<->L2 signal or checkpointed state transition occurred via Merkle proofs. Pausing disables signal proof verification.
    sourceHashes.1:
    - "0x20f8b06e752acd9eaddb6745d7eba47d69302f638a83d0db11476c03ece409d5"
    + "0xfd960cdf5013fd75aa9b95c2a792457825615084b91ef437440d93599aba9de8"
    values.$implementation:
    - "eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752"
    + "eth:0x1A06832992785766a105838C95c1E13a0045AC85"
    values.$pastUpgrades.10:
    + ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x1A06832992785766a105838C95c1E13a0045AC85"]]
    values.$upgradeCount:
    - 10
    + 11
    values.impl:
    - "eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752"
    + "eth:0x1A06832992785766a105838C95c1E13a0045AC85"
    values.pauser:
    + "eth:0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F"
    values.VERSION:
    + 1
    implementationNames.eth:0xBC442F342FE247Dc7981AC7Fbe8293c8891F8752:
    - "SignalService"
    implementationNames.eth:0x1A06832992785766a105838C95c1E13a0045AC85:
    + "SignalService"
    }
    - Status: DELETED
    contract SgxVerifier (eth:0xa1018Ba2e22139076f91dA2A856B2CAB22d968F6) [taiko/SgxVerifier]
    +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.
    contract MainnetBridge (eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) [taiko/TaikoBridge] {
    +++ description: Shared bridge escrow for Taiko chains for bridged ETH and arbitrary bridge messages. Pausing stops sending, processing, recalling, retrying, and failing messages. ETH released from the bridge is subject to the configured quota manager.
    sourceHashes.1:
    - "0xa98023db33dc6ad6957a1c18e9e67712facad7f801f9437a6b05cf48aca80135"
    + "0x61b87867a3f041292eb5da7940c9fc5d33aee32c063a7cf1696beb6eafac4a2b"
    values.$implementation:
    - "eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F"
    + "eth:0x1c94D798CFA08F396E5BA9F81697289c53273381"
    values.$pastUpgrades.12:
    + ["2026-06-29T13:18:35.000Z","0xae7122add731c935d54d726ebe542e7d4f9f7321e3bdf4ec794309f813d981f7",["eth:0x1c94D798CFA08F396E5BA9F81697289c53273381"]]
    values.$upgradeCount:
    - 12
    + 13
    values.addressManager:
    - "eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa"
    values.impl:
    - "eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F"
    + "eth:0x1c94D798CFA08F396E5BA9F81697289c53273381"
    values.lastUnpausedAt:
    - 1716809423
    values.pauser:
    + "eth:0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F"
    +++ description: Quota manager that rate-limits ETH released by processed or recalled bridge messages.
    values.quotaManager:
    + "eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC"
    values.resolver:
    + "eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e"
    +++ description: Signal service used to prove cross-chain message delivery and failure signals.
    values.signalService:
    + "eth:0x9e0a24964e5397B566c1ed39258e21aB5E35C77C"
    implementationNames.eth:0x2705B12a971dA766A3f9321a743d61ceAD67dA2F:
    - "MainnetBridge"
    implementationNames.eth:0x1c94D798CFA08F396E5BA9F81697289c53273381:
    + "MainnetBridge"
    receivedPermissions:
    + [{"permission":"interact","from":"eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC","description":"consume ETH withdrawal quota when ETH leaves the bridge.","role":".bridge"}]
    }
    - Status: DELETED
    contract L1SharedAddressManager (eth:0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa) [taiko/L1SharedAddressManager]
    +++ description: Maps contract names to contract addresses. Changes in this mapping effectively act as contract upgrades.
    contract PreconfWhitelist (eth:0xFD019460881e6EeC632258222393d5821029b2ac) [taiko/PreconfWhitelist] {
    +++ description: Contains the whitelist of addresses eligible to propose batches on L1 and issue preconfirmations. It dynamically selects a single active operator for each epoch using a delayed Ethereum beacon block root as randomness. There is no fallback proposer path in this contract: non-selected operators cannot propose for the current epoch.
    values.operatorMapping.0:
    + "eth:0x000cb000E880A92a8f383D69dA2142a969B93DE7"
    }
    + Status: CREATED
    contract SecureSgxVerifier (eth:0x41e79EB4F03aBB5DF8716B759528dc5d8f6a84Ee) [taiko/SgxVerifier]
    +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.
    + Status: CREATED
    contract MainnetVerifier (eth:0x71808449A6217898d602c1a392D95b931Ac5d878) [taiko/MainnetVerifier]
    +++ description: Immutable verifier policy contract for Taiko mainnet. Each accepted proof must contain exactly two ordered sub-proofs: either SGX-GETH plus SGX-RETH/RISC0-RETH/SP1-RETH, or SGX-RETH plus SGX-GETH/RISC0-RETH/SP1-RETH. It routes each sub-proof to the corresponding downstream verifier.
    + Status: CREATED
    contract TaikoSP1Verifier (eth:0x73A0Db393ef87ce781ac7957bE10D6628432100F) [taiko/SP1Verifier]
    +++ description: Gating router contract to verify batches using SP1.
    + Status: CREATED
    contract DefaultResolver (eth:0x8Efa01564425692d0a0838DC10E300BD310Cb43e) [taiko/DefaultResolver]
    +++ description: Maps chainId-name pairs to contract addresses. Bridge and vault contracts resolve their counterparties through this registry, so changes in this mapping effectively act as contract upgrades. The pause function is intentionally disabled in this implementation.
    + Status: CREATED
    contract SecureSgxVerifier (eth:0x9D3C595BFf6Ff7D2b2CbdEcF94aD917eB2fCFFd8) [taiko/SgxVerifier]
    +++ description: Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.
    + Status: CREATED
    contract QuotaManager (eth:0xBaCb003f0B13CeAF09Eb9Baf5915A640BD4Bc6cC) [taiko/QuotaManager]
    +++ description: Defines withdrawal quotas for ETH and ERC20 releases from the shared bridge. A token quota of zero means unlimited withdrawals for that token.
    2026 June 23, 08:48 UTC
    High severity
    31changes

    Emergency proposals pause the bridges and deactivate forced transactions and permissionless proposal fallback after a hacker steals USD ~1.7M from the bridges by exploiting bugs in whitelisted SGX programs. Exploiter transaction: https://app.blocksec.com/phalcon/explorer/tx/eth/0x2f44dc1b883522a88f9b0cbbdfabf9ec33884b69dd4326600c3fab7fb2277260. vulnerable mrEnclaves used: - fda8bb1fc9938700c25353c0a5fabc96a238e69ce8e35f08e558831a20db33a6 (geth, old) - 8f73135b83a84126c7fff37ea02f9363e134aea0f6446b13e198b20d94e75099 (reth, recent)

    contract EmergencyMultisig (eth:0x2AffADEb2ef5e1F2a7F58964ee191F1e88317ECd) [taiko/EmergencyMultisig] {
    +++ description: Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals).
    +++ description: total count of encrypted emergency proposals created.
    +++ severity: HIGH
    values.proposalCount:
    - 29
    + 33
    }
    contract MainnetInbox (eth:0x6f21C543a4aF5189eBdb0723827577e1EF57ef1f) [taiko/MainnetInboxRestricted] {
    +++ description: [FORCED TRANSACTIONS AND PERMISSIONLESS PROVING ARE DISABLED] The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. It manages bonds, validates batch parameters, and acts as the state machine for the L2.
    template:
    - "taiko/MainnetInbox"
    + "taiko/MainnetInboxRestricted"
    sourceHashes.1:
    - "0xa362200444c4acb7197c44886acc6eb7d90bb3933f19c339e94239e413f132d1"
    + "0xc8fb004590f1c60e5c9735be36da74676fdc93286aa44749d3156ad33bc416e7"
    description:
    - "The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. It manages bonds, validates batch parameters, and acts as the state machine for the L2."
    + "[FORCED TRANSACTIONS AND PERMISSIONLESS PROVING ARE DISABLED] The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. It manages bonds, validates batch parameters, and acts as the state machine for the L2."
    values.$implementation:
    - "eth:0x0680c84378FA6A7D2F46ADa5A70637Fa2A938d42"
    + "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098"
    values.$pastUpgrades.1:
    + ["2026-06-22T09:24:35.000Z","0x2fb71b83b8971dd7bbc174f72ea5d37f57bf20277c406b0d679062b20c348e1d",["eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098"]]
    values.$upgradeCount:
    - 1
    + 2
    +++ severity: HIGH
    values.getCurrentForcedInclusionFee:
    - 1000000
    + 1020000
    values.impl:
    - "eth:0x0680c84378FA6A7D2F46ADa5A70637Fa2A938d42"
    + "eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098"
    values.noForce:
    + [true]
    implementationNames.eth:0x0680c84378FA6A7D2F46ADa5A70637Fa2A938d42:
    - "MainnetInbox"
    implementationNames.eth:0x349Ae3578f48F758d79451EeAB61Cdd5fedD0098:
    + "MainnetInbox"
    }
    contract OptimisticTokenVotingPlugin (eth:0x989E348275b659d36f8751ea1c10D146211650BE) [taiko/OptimisticTokenVotingPlugin] {
    +++ description: An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay.
    values.proposalCount:
    - 31
    + 34
    values.proposalIds.31:
    + "606258323829018279630170080852096129484418187295"
    values.proposalIds.32:
    + "606419523753005534282828605203137025379655483424"
    values.proposalIds.33:
    + "606424105314793757798300924445813695132257484833"
    }
    contract MainnetERC20Vault (eth:0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab) [taiko/SharedERC20Vault] {
    +++ description: Shared vault for Taiko chains for bridged ERC20 tokens.
    values.paused:
    - false
    + true
    }
    contract MainnetBridge (eth:0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC) [taiko/TaikoBridge] {
    +++ description: Shared bridge escrow for Taiko chains for bridged ETH.
    values.paused:
    - false
    + true
    }
    contract PreconfWhitelist (eth:0xFD019460881e6EeC632258222393d5821029b2ac) [taiko/PreconfWhitelist] {
    +++ description: Contains the whitelist of addresses allowed to propose batches on L1 and issue preconfirmations. It dynamically selects a single operator for a given epoch using the Ethereum beacon block root as a source of randomness.
    values.operatorMapping.0:
    - "eth:0xCbeB5d484b54498d3893A0c3Eb790331962e9e9d"
    values.operatorMapping.2:
    - "eth:0x000cb000E880A92a8f383D69dA2142a969B93DE7"
    }
    2026 June 16, 09:48 UTC
    High severity
    2changes

    Propose 'Enable SP1 v6 on mainnet': new programhashes.

    contract Multisig (eth:0xD7dA1C25E915438720692bC55eb3a7170cA90321) [taiko/Multisig] {
    +++ description: Modular Governance contract allowing for proposing, voting on and executing proposals (e.g. for Security Council standard proposals).
    +++ description: total standard proposal count.
    +++ severity: HIGH
    values.proposalCount:
    - 20
    + 21
    }

    The system uses whitelist-based sequencing and proving

    The system uses a whitelist-based sequencing mechanism to allow for fast preconfirmations on the L2. On the L1, batch proposing is permissioned through the PreconfWhitelist contract, which currently has 3 active operators registered. For each epoch, PreconfWhitelist selects a single active operator that can propose to MainnetInbox. There is no fallback proposer path, and non-selected operators cannot propose for the current epoch. Proving is controlled separately by ProverWhitelist, which currently has 2 whitelisted provers. While the prover whitelist is non-empty, non-whitelisted actors cannot submit proofs. MainnetInbox currently sets minBond=0 and livenessBond=0. Currently, proving a proposal requires SGX (Geth), plus either SGX (Reth), SP1, or RISC0.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    1. MainnetInbox.sol - Etherscan source code, propose function
    2. MainnetInbox.sol - Etherscan source code, prove function
    3. PreconfWhitelist.sol - Etherscan source code
    4. ProverWhitelist.sol - Etherscan source code

    Users can't force any transaction

    There is no general mechanism to force the sequencer to include a transaction. Forced inclusions are disabled in the current MainnetInbox implementation: saveForcedInclusion() always reverts and propose() only accepts zero forced inclusions. If the selected proposer is down or censoring, user transactions that are not included by the permissioned proposer remain non-included.

    • Users can be censored if the operator refuses to include their transactions.

    1. MainnetInbox.sol - Etherscan source code, saveForcedInclusion function
    2. MainnetInbox.sol - Etherscan source code, propose function

    Regular exit

    The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is finalized the funds become available for withdrawal on L1. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.

    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner

    Ethereum

    Actors:

    SignerList (Security Council)0x0F95…79c2

    A Multisig with 7/9 threshold. A signer list for storing multisig members and their agents, stores the addresses of the Multisigs that use this signer list. Each signer delegates their permissions to their agent address that they can configure here.

    • Can upgrade with 7d delay
      • AutomataDcapV3Attestation
      • Taiko Token
      • MainnetInbox
      • TaikoDAOController
      • AutomataDcapV3Attestation
      • DefaultResolver
      • MainnetERC20Vault
      • DAO
      • SignalService
      • MainnetBridge
      • ProverWhitelist
      • TaikoDAOController
      • PreconfWhitelist
    • Can interact with TaikoRisc0Verifier
      • manage trusted RISC Zero image IDs with 7d delay
    • Can interact with SignerList (Security Council)
      • add/remove members from the Security Council and change its minimum size with 7d delay
    • Can interact with AutomataDcapV3Attestation
      • manage trusted SGX measurements, revoked certificate serial numbers, TCB info, QE identity, and local report checks with 7d delay
    • Can interact with EmergencyMultisig
      • manage critical settings (e.g. threshold and multisig settings) for the emergency proposal governance path with 7d delay
    • Can interact with SecureSgxVerifier
      • add SGX instances without DCAP attestation and delete registered instances with 7d delay
    • Can interact with MainnetInbox
      • pause and unpause the rollup system, activate the inbox, and execute the one-time state recovery path with 7d delay
    • Can interact with TaikoSP1Verifier
      • manage trusted SP1 program verification keys with 7d delay
    • Can interact with AutomataDcapV3Attestation
      • manage trusted SGX measurements, revoked certificate serial numbers, TCB info, QE identity, and local report checks with 7d delay
    • Can interact with DefaultResolver
      • update the contract address registered for any chainId-name pair with 7d delay
    • Can interact with OptimisticTokenVotingPlugin
      • manage critical settings (e.g. thresholds, delays and proposal acceptance criteria) for all governance proposals with 7d delay
    • Can interact with MainnetERC20Vault
      • pause and unpause token bridge flows and change the bridged token implementation for a canonical token after the migration delay with 7d delay
    • Can interact with DAO
      • define all permissions of the central DAO smart contract with 7d delay
    • Can interact with SecureSgxVerifier
      • add SGX instances without DCAP attestation and delete registered instances with 7d delay
    • Can interact with SignalService
      • pause and unpause signal proof verification with 7d delay
    • Can interact with MainnetBridge
      • pause and unpause bridge message flows and execute one-time bridge recovery initializers with 7d delay
    • Can interact with Multisig
      • manage critical settings (e.g. threshold and multisig settings) for the standard proposal governance path with 7d delay
    • Can interact with ProverWhitelist
      • manage the prover whitelist with 7d delay
    • Can interact with PreconfWhitelist
      • pause/unpause, add or remove operators, and manage ejecter roles with 7d delay
    Taiko Multisig0x9CBe…9C7F

    A Multisig with 4/6 threshold.

    • Can interact with SecureSgxVerifier
      • register SGX instances after DCAP attestation verification
    • Can interact with SecureSgxVerifier
      • register SGX instances after DCAP attestation verification
    • Can interact with SignalService
      • pause and unpause signal proof verification
    • Can interact with QuotaManager
      • update token withdrawal quotas and the quota refill period
    • Can interact with MainnetBridge
      • pause and unpause bridge message flows and fund the bridge through direct ETH transfers
    • Can interact with ProverWhitelist
    • Can interact with PreconfWhitelist
      • manage the ejecter role
    MainnetERC20Vault0x9962…15Ab

    Shared vault for Taiko chains for bridged ERC20 tokens. Pausing stops token sends, message-triggered releases, and recalls. Released or minted tokens are subject to the configured quota manager.

    • Can interact with QuotaManager
      • consume ERC20 withdrawal quota when tokens leave the vault
    MainnetBridge0xd602…d8EC

    Shared bridge escrow for Taiko chains for bridged ETH and arbitrary bridge messages. Pausing stops sending, processing, recalling, retrying, and failing messages. ETH released from the bridge is subject to the configured quota manager.

    • Can interact with QuotaManager
      • consume ETH withdrawal quota when ETH leaves the bridge

    A Multisig with 3/5 threshold.

    • Can interact with TimelockController
      • cancel queued transactions
      • execute transactions that are ready
      • manage all access control roles with 3d delay
      • propose transactions
    • Can interact with RiscZeroVerifierEmergencyStop
    • Can interact with RiscZeroVerifierEmergencyStop
    • Can interact with RiscZeroVerifierEmergencyStop
    • Can interact with RiscZeroVerifierRouter
      • add/remove verifiers and the selectors they are mapped to with 3d delay
    • Can interact with RiscZeroVerifierEmergencyStop
    • Can interact with RiscZeroVerifierEmergencyStop
    Used in:
    SP1VerifierGatewayMultisig0xCafE…6878

    A Multisig with 2/3 threshold.

    • Can interact with SP1VerifierGateway
      • affect the liveness and safety of the gateway - can transfer ownership, add and freeze verifier routes
    Used in:
    Taiko Foundation Treasury Multisig0x363e…B3Da

    A Multisig with 2/3 threshold.

    A Multisig with 1/2 threshold. Member of Taiko Foundation Treasury Multisig, Taiko Multisig, Gustavo Gonzalez Taiko.

    Participants (2):

    0x4757…45c30x7057…595C
    • Can interact with PreconfWhitelist
      • eligible to propose batches on L1; only the selected current-epoch operator can successfully propose
    • Can interact with PreconfWhitelist
      • add operators after a two-epoch activation delay and remove existing operators immediately
    Halborn Agent0x1d95…F556

    Member of Halborn, SignerList (Security Council).

    Member of Gattaca.

    Toni Wahrstätter Agent0x9353…61a6

    Member of SignerList (Security Council), Toni Wahrstätter.

    Member of Halborn.

    Gattaca Agent0xc441…1619

    Member of SignerList (Security Council), Gattaca.

    Member of Toni Wahrstätter.

    • Can interact with RiscZeroVerifierEmergencyStop
    Used in:
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    TaikoRisc0Verifier0x059d…Cd8b

    Gating router contract to verify batches using RISC Zero.

    RiscZeroGroth16Verifier0x20ff…8E97

    Verifier contract for RISC Zero Groth16 proofs (version 2.0.0-rc.3).

    Implementation used in:
    RiscZeroGroth16Verifier0x2a09…a84D

    Verifier contract for RISC Zero Groth16 proofs (version 3.0.0).

    Implementation used in:
    RiscZeroGroth16Verifier0x54aC…B9bF

    Verifier contract for RISC Zero Groth16 proofs (version 2.0.3).

    Implementation used in:

    The core Layer 1 entrypoint for the Taiko rollup where L2 block batches are proposed and their corresponding state transitions are proven. Forced inclusion submission and processing are disabled in this implementation. Proposals must come from the configured proposer checker, and if the configured prover whitelist is non-empty, proofs from non-whitelisted provers revert; the configured permissionless proving delay is not used to open proving.

    MainnetVerifier0x7180…d878

    Immutable verifier policy contract for Taiko mainnet. Each accepted proof must contain exactly two ordered sub-proofs: either SGX-GETH plus SGX-RETH/RISC0-RETH/SP1-RETH, or SGX-RETH plus SGX-GETH/RISC0-RETH/SP1-RETH. It routes each sub-proof to the corresponding downstream verifier.

    TaikoSP1Verifier0x73A0…100F

    Gating router contract to verify batches using SP1.

    RiscZeroGroth16Verifier0xafB3…9df9

    Verifier contract for RISC Zero Groth16 proofs (version 2.2.0).

    Implementation used in:

    Defines the prover whitelist queried by the inbox before accepting proofs. If the inbox is configured with this contract and the whitelist is non-empty, only whitelisted provers can prove proposals.

    • Roles:
      • admin: TaikoDAOController; ultimately SignerList (Security Council)
      • owner: TaikoDAOController; ultimately SignerList (Security Council)
      • proverManager: Taiko Multisig
    RiscZeroGroth16Verifier0xf70a…E93C

    Verifier contract for RISC Zero Groth16 proofs. This older implementation exposes control-root and selector constants but does not expose a VERSION getter.

    Implementation used in:
    QuotaManager0xBaCb…c6cC

    Defines withdrawal quotas for ETH and ERC20 releases from the shared bridge. A token quota of zero means unlimited withdrawals for that token.

    • Roles:
      • bridge: MainnetBridge
      • erc20Vault: MainnetERC20Vault
      • owner: Taiko Multisig

    Middleware contract that maintains ownership of DAO-controlled assets and contracts. Its token weight does not count towards the DAO quorum. Member of Taiko Foundation Treasury Multisig.

    The main contract and entrypoint of the Aragon-based DAO governance framework. Fine-grained DAO permissions, proposals, voting and thresholds are configured here.

    • Roles:
      • currentSignerListPermissions: SignerList (Security Council) (emergency proposals bypass the delay)
      • daoPermissions: DAO; ultimately SignerList (Security Council)

    Middleware contract that maintains ownership of DAO-controlled assets and contracts. Its token weight does not count towards the DAO quorum.

    SP1Verifier0x0459…C459

    Verifier contract for SP1 proofs (v5.0.0).

    Implementation used in:
    TimelockController0x0b14…b711

    A timelock with access control. The current minimum delay is 3d.

    • Roles:
      • canceller: Safe
      • defaultAdmin: TimelockController; ultimately Safe
      • executor: Safe
      • proposer: Safe
    Implementation used in:

    Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data.

    ERC20 contract implementing the TAIKO token. It defines a list of addresses designated as non-voting.

    RiscZeroVerifierEmergencyStop0x1efD…D698

    A verifier wrapper for the RiscZeroGroth16Verifier that allows pausing (emergency stop) the verifier by its owner.

    • Roles:
      • owner: Safe
    Implementation used in:

    Modular Governance contract allowing for proposing, voting on and executing encrypted proposals (e.g. for Security Council emergency proposals).

    SP1VerifierGateway0x3B60…185e

    This contract is the router for zk proof verification. It stores the mapping between identifiers and the address of onchain verifier contracts, routing each identifier to the corresponding verifier contract.

    • Roles:
      • owner: SP1VerifierGatewayMultisig
    Implementation used in:
    SecureSgxVerifier0x41e7…84Ee

    Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.

    • Roles:
      • owner: TaikoDAOController; ultimately SignerList (Security Council)
      • registrar: Taiko Multisig
    RiscZeroVerifierEmergencyStop0x44c2…33e7

    A verifier wrapper for the RiscZeroGroth16Verifier that allows pausing (emergency stop) the verifier by its owner.

    • Roles:
      • owner: EOA 10
    Implementation used in:
    RiscZeroSetVerifier0x5005…EB85

    Set verifier contract for RISC Zero proofs (version 0.9.0). It allows verifying a whole set of proofs identified with a Merkle root at once, afterwards each individual proof could be efficiently verified just by checking Merkle inclusion against the verified root.

    Implementation used in:
    RiscZeroVerifierEmergencyStop0x68dC…40E3

    A verifier wrapper for the RiscZeroGroth16Verifier that allows pausing (emergency stop) the verifier by its owner.

    • Roles:
      • owner: Safe
    Implementation used in:
    RiscZeroVerifierEmergencyStop0x844D…F782

    A verifier wrapper for the RiscZeroSetVerifier that allows pausing (emergency stop) the verifier by its owner.

    • Roles:
      • owner: Safe
    Implementation used in:
    SP1Verifier0x8a0f…Fc5C

    Verifier contract for SP1 proofs (v6.0.0).

    Implementation used in:

    Contract managing SGX DCAP attestation policy, trusted measurements, and certificate revocation data.

    RiscZeroVerifierRouter0x8EaB…D319

    A router proxy that routes to verifiers based on selectors. The mapping can be changed by a permissioned owner (TimelockController).

    • Roles:
      • owner: TimelockController; ultimately Safe
    Implementation used in:

    Maps chainId-name pairs to contract addresses. Bridge and vault contracts resolve their counterparties through this registry, so changes in this mapping effectively act as contract upgrades. The pause function is intentionally disabled in this implementation.

    An optimistic governance module. Standard proposals pass and can be executed unless 10% of votable TAIKO veto them within 7d. Emergency proposals can be executed without delay.

    SecureSgxVerifier0x9D3C…FFd8

    Verifier contract for SGX proven blocks. Registered SGX instances can sign accepted proofs until their instance expiry.

    • Roles:
      • owner: TaikoDAOController; ultimately SignerList (Security Council)
      • registrar: Taiko Multisig

    Facilitates secure cross-chain message passing by storing signals and state-root checkpoints. Bridge escrows and other applications use it to prove that a specific L1<->L2 signal or checkpointed state transition occurred via Merkle proofs. Pausing disables signal proof verification.

    • Roles:
      • admin: TaikoDAOController; ultimately SignerList (Security Council)
      • owner: TaikoDAOController; ultimately SignerList (Security Council)
      • pauser: Taiko Multisig
    RiscZeroVerifierEmergencyStop0x9F99…e696

    A verifier wrapper for the RiscZeroGroth16Verifier that allows pausing (emergency stop) the verifier by its owner.

    • Roles:
      • owner: Safe
    Implementation used in:
    SP1Verifier0xc3c6…AF2A
    Implementation used in:

    Modular Governance contract allowing for proposing, voting on and executing proposals (e.g. for Security Council standard proposals).

    RiscZeroVerifierEmergencyStop0xDa8f…B2b1

    A verifier wrapper for the RiscZeroGroth16Verifier that allows pausing (emergency stop) the verifier by its owner.

    • Roles:
      • owner: Safe
    Implementation used in:

    Contains the whitelist of addresses eligible to propose batches on L1 and issue preconfirmations. It dynamically selects a single active operator for each epoch using a delayed Ethereum beacon block root as randomness. There is no fallback proposer path in this contract: non-selected operators cannot propose for the current epoch.

    • Roles:
      • _ejectorManager: Taiko Multisig
      • admin: TaikoDAOController; ultimately SignerList (Security Council)
      • ejecters: EOA 2, EOA 4
      • operatorMapping: EOA 1, EOA 5, EOA 7
      • owner: TaikoDAOController; ultimately SignerList (Security Council)

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Program Hashes

    Name
    Hash
    Repository
    Verification
    Used in
    0x0075...487e
    Taiko Alethia logo
    0x3aca...487e
    Taiko Alethia logo
    0x00e9...17bc
    Taiko Alethia logo
    0x748e...17bc
    Taiko Alethia logo
    0xa38d...908b
    Taiko Alethia logo
    0x868b...efef
    Taiko Alethia logo