Conflux (CFX) Network Tackles Security Vulnerability in Recent Upgrade


By Darius Baruo, Mar 24, 2025

In a crucial development for the blockchain community, the Conflux (CFX) Network has successfully executed a significant security upgrade to version 2.5 as of March 17, 2025. This upgrade follows the discovery of a vulnerability in its Ethereum Virtual Machine (EVM), underscoring Conflux’s commitment to safeguarding user assets and reinforcing the overall security of its ecosystem. In this post, we will delve into the intricacies of this upgrade and the implications for users and investors alike.


Understanding the Vulnerability

The vulnerability at the heart of this upgrade was reported on February 13, 2025, by the GraFun team. It involved the CREATE2 opcode, which in Conflux’s EVM allowed a contract to be redeployed at an address that already held one, potentially resetting its state. This deviates from standard Ethereum EVM behavior, which prohibits such redeployments, and so created potential security risks.


Impact on the Ecosystem

A security impact assessment found that most factory contracts, such as those from Swappi, were unaffected because they perform additional address conflict checks, but Gnosis Safe contracts were vulnerable. The missing check exposed them to state resets and to replay of previously signed transactions. Of approximately 30 Gnosis Safe contracts assessed, most funds were secure, but a minority was at risk.
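The two sections above describe a missing address-collision check on CREATE2 and the resulting replay risk for wallet contracts. The following toy model is an added example, not code from Conflux, OpenEthereum or Gnosis Safe; the account layout, the wallet_nonce counter and all sample values are constructed, and SHA3-256 stands in for Keccak-256.

```python
import hashlib

class CollisionError(Exception):
    """Raised when CREATE2 targets an address that is already in use."""

def create2_address(deployer: bytes, salt: bytes, init_code: bytes) -> bytes:
    # Ethereum: keccak256(0xff ++ deployer ++ salt ++ keccak256(init_code))[12:].
    # hashlib.sha3_256 is a stand-in (different padding than Keccak-256), so these
    # are not real chain addresses; only the determinism matters here.
    h = hashlib.sha3_256
    return h(b"\xff" + deployer + salt + h(init_code).digest()).digest()[12:]

def create2(state, deployer, salt, init_code, collision_check=True):
    addr = create2_address(deployer, salt, init_code)
    acct = state.get(addr)
    # Ethereum rule (EIP-684): creation fails if the target address already
    # has code or a nonzero nonce. This is the check the page says was omitted.
    if collision_check and acct and (acct["code"] or acct["nonce"]):
        raise CollisionError(addr.hex())
    # Fresh deployment: storage starts empty, so the wallet counter is 0 again.
    state[addr] = {"code": init_code, "nonce": 1, "storage": {"wallet_nonce": 0}}
    return addr

def exec_signed(state, addr, signed_tx):
    """Toy wallet: a signed tx is valid only for the current wallet_nonce."""
    store = state[addr]["storage"]
    if signed_tx["nonce"] != store["wallet_nonce"]:
        return False          # stale or replayed signature
    store["wallet_nonce"] += 1
    return True

def demo(collision_check: bool):
    state = {}
    factory, salt = b"\x11" * 20, b"\x00" * 32          # constructed values
    code = b"constructed-wallet-init-code"
    wallet = create2(state, factory, salt, code)
    tx = {"nonce": 0, "payload": "constructed transfer"}  # signature check elided
    first = exec_signed(state, wallet, tx)
    replay_before = exec_signed(state, wallet, tx)
    try:
        create2(state, factory, salt, code, collision_check)
        redeployed = True
    except CollisionError:
        redeployed = False
    replay_after = exec_signed(state, wallet, tx)
    return first, replay_before, redeployed, replay_after

if __name__ == "__main__":
    print("with check   :", demo(True))
    print("without check:", demo(False))
```

With the check enforced the second deployment is rejected and the old signature stays invalid; without it the counter resets and the same signed transaction is accepted a second time.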

Swift Security Response

Recognizing the gravity of this situation, Conflux took immediate steps to mitigate the threat. They communicated effectively with ecosystem partners to facilitate the transfer of at-risk assets. The upgrade process involved several deliberate phases:

  • Vulnerability Fix and Integration Testing: Completed by February 21.
  • Internal Testnet Upgrade: Conducted on February 24.
  • Public Testnet Upgrade: Announced on February 25, effective March 3.
  • Mainnet Upgrade Deployment: Announced March 3, effective March 17.

Rigorous Postmortem Analysis

A postmortem examination revealed that the vulnerability originated from the porting of OpenEthereum code into Conflux’s EVM. This transition included misleading comments and unclear error definitions, leading to a misunderstanding of the CREATE2 behavior. These oversights resulted in critical checks being omitted from Conflux’s implementation, necessitating a robust reevaluation of their codebase.

Recognition and Bounty Rewards

In acknowledgment of the vital role played by the GraFun team in identifying and reporting the vulnerability, Conflux awarded them a bounty of 60,000 CFX. This not only highlights the network’s commitment to security but also incentivizes ethical reporting within the blockchain community.

Future Security Enhancements

Moving forward, Conflux plans to synchronize more closely with Ethereum’s EVM features and integrate official test cases to minimize the likelihood of similar vulnerabilities. Their roadmap emphasizes a commitment to transparency and rapid response, ensuring the security of the Conflux ecosystem.


At Extreme Investor Network, we believe that staying informed about security developments in the cryptocurrency world is crucial for both casual users and serious investors. The events surrounding Conflux not only reinforce the need for rigorous security measures in blockchain but also serve as a case study for how networks can effectively respond to vulnerabilities.

