CVE-2025-65951 Overview
CVE-2025-65951 affects Inside Track / Entropy Derby, a research-grade horse-racing betting engine. The vulnerability breaks the sequential delay guarantee of the Verifiable Delay Function (VDF) timelock encryption system. Bettors pre-compute the entire Wesolowski VDF and embed vdfOutputHex in their encrypted bet ticket. The betting operator can then decrypt tickets immediately using fast proof verification instead of performing the expensive VDF evaluation intended to enforce the delay. This defeats the timelock guarantee that the house cannot see bets before the reveal window. The maintainer patched the flaw in commit 2d38d2f by removing the VDF proof and output fields from the ticket structure.
Critical Impact
The betting operator can decrypt encrypted bet tickets on demand, breaking the timelock fairness guarantee and exposing bettor selections before the intended reveal.
Affected Products
- Inside Track / Entropy Derby betting engine
- All commits prior to 2d38d2f
- Deployments using the VDF-based timelock encryption module
Discovery Timeline
- 2025-11-25 - CVE-2025-65951 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-65951
Vulnerability Analysis
The timelock encryption scheme relies on a Wesolowski VDF to enforce a computational delay between bet submission and decryption. The design assumes the operator must spend real wall-clock time evaluating the VDF before recovering the decryption key. The bet ticket structure, however, included fields for both the VDF proof (vdfProofHex) and the VDF output (vdfOutputHex) supplied by the bettor. Because Wesolowski proofs support fast verification, the operator only needs to verify the supplied output rather than compute it. The delay guarantee collapses to the verification cost, which is orders of magnitude faster than sequential evaluation. This is an information disclosure flaw [CWE-200] rooted in a broken cryptographic protocol assumption.
Root Cause
The bet ticket serialization mixed prover-supplied VDF material with encrypted payload state. Trusting the bettor to include vdfOutputHex and vdfProofHex in the ticket allowed the operator to skip VDF evaluation entirely. The leaf hash in src/parimutuel.cpp also incorporated these fields, cementing them as part of the accepted ticket format.
Attack Vector
A malicious or curious betting operator with access to submitted tickets extracts vdfOutputHex, verifies the accompanying proof, and immediately derives the decryption key. The operator reads bet contents in real time and can adjust odds, refuse unfavorable bets, or front-run the race outcome. Exploitation requires operator-level access to ticket storage, matching the high privileges required in the attack profile.
// Patch: remove VDF output and proof from the ticket structure
// Source: https://github.com/mescuwa/entropy-derby/commit/2d38d2f16bbb3b4240698148f80d8c5202725c77
std::uint64_t iterations = 0;
std::string ciphertextHex;
std::string nonceHex;
- std::string vdfProofHex;
- std::string vdfOutputHex;
};
class TimeLockEncryptor {
// Patch: exclude VDF fields from leaf hash in src/parimutuel.cpp
// Source: https://github.com/mescuwa/entropy-derby/commit/2d38d2f16bbb3b4240698148f80d8c5202725c77
ticket.ciphertext = cipher;
std::ostringstream leaf;
leaf << bettorId << "|" << cipher.puzzlePreimage << "|" << cipher.ciphertextHex << "|"
- << cipher.nonceHex << "|" << cipher.vdfProofHex << "|" << cipher.vdfOutputHex << "|"
- << cipher.iterations;
+ << cipher.nonceHex << "|" << cipher.iterations;
ticket.leafHash = ProvablyFairRng::hashSeed(leaf.str());
Detection Methods for CVE-2025-65951
Indicators of Compromise
- Bet tickets in storage containing non-empty vdfProofHex or vdfOutputHex fields on unpatched deployments.
- Operator decryption events occurring in wall-clock time significantly shorter than the configured VDF iterations value would require.
- Auditable operator logs showing plaintext bet contents accessed before the intended reveal window.
Detection Strategies
- Audit the deployed commit hash against 2d38d2f in the mescuwa/entropy-derby repository.
- Inspect the TimeLockEncryptor ticket struct for the presence of prover-supplied VDF fields.
- Measure decryption timing against expected VDF evaluation cost, flagging deviations that indicate proof shortcut usage.
Monitoring Recommendations
- Log every ticket decryption with timestamps and correlate against race reveal windows.
- Alert on any code path that consumes bettor-supplied VDF outputs instead of evaluating the VDF locally.
- Track access patterns to the ticket store from operator service accounts.
How to Mitigate CVE-2025-65951
Immediate Actions Required
- Update Entropy Derby deployments to commit 2d38d2f or later.
- Invalidate any bet tickets accepted under the vulnerable schema and require resubmission under the patched format.
- Rotate operator credentials and review historical ticket access logs for signs of premature decryption.
Patch Information
The fix is available in commit 2d38d2f of the mescuwa/entropy-derby repository. The patch removes vdfProofHex and vdfOutputHex from the TimeLockEncryptor ticket structure and excludes them from the leaf hash computation in src/parimutuel.cpp. See the GitHub Security Advisory GHSA-pm54-f847-w4mh and the upstream commit.
Workarounds
- Reject any submitted ticket that carries a non-empty vdfProofHex or vdfOutputHex field.
- Force the operator to evaluate the VDF locally from puzzlePreimage and iterations, ignoring any prover-supplied output.
- Restrict operator access to encrypted ticket storage until the patched build is deployed.
# Verify the deployed commit matches the patched version
cd entropy-derby
git fetch origin
git log --oneline | grep 2d38d2f || echo "WARNING: patch commit 2d38d2f not present"
git checkout 2d38d2f16bbb3b4240698148f80d8c5202725c77
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

