Darius Baruar
March 24, 2025 09:28
The Conflux (CFX) network has completed a significant security upgrade that fixes a vulnerability in its EVM, improving the safety of user assets and strengthening ecosystem security.
The Conflux (CFX) network found a vulnerability in its EVM (Ethereum Virtual Machine) implementation and successfully launched version 2.5 on March 17, 2025 to fix it. According to the Conflux Forum, the vulnerability was first identified by the GraFun team.
Background
The vulnerability, reported on February 13, 2025, concerned the CREATE2 opcode: the Conflux EVM allowed a contract to be redeployed at an address that already held a contract, which could reset that contract's state. This behaviour deviates from the standard Ethereum EVM, which forbids redeployment to an occupied address.
Security impact assessment
According to a comprehensive security impact assessment, most factory contracts, such as the Swappi factory, were not affected because they perform additional address-collision checks. The Gnosis Safe contract, however, lacks such checks, so an affected Safe could have its state reset, which would allow previously signed transactions to be replayed.
The assessment covered about 30 Gnosis Safe contracts and found that most of the funds were safe, while a minority were at risk.
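As an added illustration (not code from Conflux, Swappi or Gnosis Safe; the contract and function names are hypothetical), the two factory variants below show the difference the assessment describes: one relies on the EVM alone to refuse a CREATE2 collision, the other predicts the CREATE2 address and refuses to deploy if that address already holds code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not code from Conflux, Swappi or Gnosis Safe.
// Contract and function names are hypothetical.

// A tiny deployed contract whose storage a redeployment would wipe:
// the nonce would return to 0, so anything signed over an old nonce
// could be executed again.
contract Wallet {
    address public owner;
    uint256 public nonce; // replay protection for signed operations

    constructor(address _owner) {
        owner = _owner;
    }

    function execute() external {
        require(msg.sender == owner, "not owner");
        nonce += 1;
    }
}

// Vulnerable variant: relies entirely on the EVM refusing a CREATE2 collision.
// On a conformant EVM that is enough; on the flawed Conflux EVM described
// above the redeployment succeeded and reset the existing contract's state.
contract UncheckedFactory {
    event Deployed(address addr);

    function deploy(bytes32 salt, address owner) external returns (address addr) {
        bytes memory initCode = abi.encodePacked(type(Wallet).creationCode, abi.encode(owner));
        assembly {
            addr := create2(0, add(initCode, 0x20), mload(initCode), salt)
        }
        require(addr != address(0), "create2 failed");
        emit Deployed(addr);
    }
}

// Hardened variant: compute the CREATE2 address first and refuse to deploy
// if that address already holds code, independent of what the EVM does.
contract CheckedFactory {
    event Deployed(address addr);

    function initCodeFor(address owner) internal pure returns (bytes memory) {
        return abi.encodePacked(type(Wallet).creationCode, abi.encode(owner));
    }

    // Standard CREATE2 derivation:
    // keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode))[12:]
    function predict(bytes32 salt, address owner) public view returns (address) {
        bytes32 h = keccak256(
            abi.encodePacked(bytes1(0xff), address(this), salt, keccak256(initCodeFor(owner)))
        );
        return address(uint160(uint256(h)));
    }

    function deploy(bytes32 salt, address owner) external returns (address addr) {
        address expected = predict(salt, owner);
        require(expected.code.length == 0, "address already in use");

        bytes memory initCode = initCodeFor(owner);
        assembly {
            addr := create2(0, add(initCode, 0x20), mload(initCode), salt)
        }
        require(addr == expected, "create2 failed");
        emit Deployed(addr);
    }
}
```

On a chain whose CREATE2 silently overwrites an existing contract, a second `UncheckedFactory.deploy` with the same salt and owner lands on the same address and resets `Wallet.nonce` to zero, so any operation previously signed at an old nonce becomes executable again; this is the replay risk the assessment attributes to Safe contracts. `CheckedFactory` reverts before the opcode runs. The pre-check is a defence-in-depth measure for contracts, not a substitute for a correct EVM, which is why the fix proper shipped in Conflux v2.5.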
Security Response Process
Conflux acted quickly to mitigate the threat by notifying ecosystem partners and encouraging the transfer of at-risk assets. The security upgrade proceeded in several stages:
- Vulnerability fix and integration testing: completed by February 21.
- Internal testnet upgrade: carried out on February 24.
- Public testnet upgrade: announced on February 25 and carried out on March 3.
- Mainnet upgrade: announced on March 3 and deployed on March 17.
Post-incident analysis
The vulnerability originated in the Conflux EVM's original code, which was ported from OpenEthereum and contained ambiguities and no clear definition of the error condition. These factors led to a misreading of the Ethereum CREATE2 semantics, and important checks were omitted from the Conflux implementation.
Bug Bounty Compensation
Recognizing the seriousness of the vulnerability, Conflux awarded a total of 60,000 CFX in bounties to the GraFun team in recognition of the timely report and the potential losses it prevented.
Subsequent measures and security improvements
Going forward, Conflux plans to align its EVM with the behaviour of the Ethereum EVM and to integrate Ethereum's official test cases to prevent similar vulnerabilities. This move aims to improve the security of Conflux and its compatibility with the Ethereum ecosystem.
The Conflux team is committed to transparency and rapid response to ensure the security of the ecosystem and the protection of user interests.
Image Source: Shutterstock