Conflux: CREATE2 Opcode bug fixed with v2.5 security upgrade

Bitget App

Trade smarter

Crypto.News2025/03/23 16:00

By:By Benson TotiEdited by Jayson Derrick

Conflux says its security team has successfully patched the CREATE2 Opcode vulnerability with version 2.5 network upgrade.

The Conflux ( CFX ) Network announced on March 24, 2025 that a security vulnerability detected with the help of ecosystem team GraFun, has been successfully patched. GraFun reportedly identified the critical vulnerability in the CREATE2 opcode, related to the Ethereum ( ETH ) Virtual Machine, in February this year.

CREATE2 opcode, introduced in 2019 via Ethereum’s Constantinople upgrade , is an advanced feature for Ethereum and Ethereum Virtual Machine-compatible networks. It plays a key role in smart contracts, particularly in deployment predictability and flexibility. The Conflux team elaborated on this:

“In the standard Ethereum Virtual Machine, the CREATE2 opcode fails to deploy a contract if the target address already has a deployed contract, returning a null address. However, the previous implementation of Conflux allowed CREATE2 to redeploy contracts at an address with an existing contract, resetting the contract state to its initial deployment state.”

According to Conflux, the security issue is now resolved following Conflux’s version 2.5 upgrade that shipped on March 17, 2025. The flaw, the layer-1 platform noted, “allowed contract redeployment on existing addresses, impacting Gnosis Safe.”

The Conflux Network security team has assured users and ecosystem partners that the version 2.5 upgrade has fully addressed the flaw.

Conflux disclosed plans for the network upgrade on March 4, 2025, with node operators asked to update accordingly. The platform tentatively scheduled the hard fork for mid-March, with this happening at epoch 118580000.

GraFun received a total of 60,000 Conflux tokens for its role in the security upgrade, including a base bounty of 50,000 tokens for identifying the CREATE2 opcode bug. The platform also received 10,000 tokens for offering a timely report that helped prevent potential exploits and losses.

In its announcement, Conflux said all user funds are safe and that the network has EVM compatibility enhanced.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.

APR up to 10%. Always on, always get airdrop.

Lock now!

Share link:In this post: Parisa Tabriz believes Google Chrome would decline in another company’s hands, saying it would be hard to disentangle Google from the search engine’s success. Google plans to infuse artificial intelligence into Chrome to make it more agentic. OpenAI showed interest in buying Google Chrome.

Cryptopolitan•2025/04/27 13:12

SEC Commissioner Hester Peirce calls for better crypto regulation

Share link:In this post: SEC Commissioner Hester Peirce has called for better crypto regulation in the United States. Peirce mentioned that financial firms have been approaching crypto in a way like playing “the floor is lava” children’s game. SEC commissioners want flexible regulation as SEC chairman Paul Atkins wants clear regulations for digital assets.

Cryptopolitan•2025/04/27 13:12