Conflux Resolves CREATE2 Opcode Vulnerability, No User Funds Lost

Conflux Resolves Critical Vulnerability in CREATE2 Opcode without User Fund

Conflux, a high-performance public blockchain platform designed to address the blockchain trilemma of scalability, security and decentralization, has addressed a serious vulnerability in the CREATE2 opcode. The vulnerability was identified during routine check-ups and was resolved in the V2.5 upgrade today, March 17, 2025.

Conflux talks about the issue on social media platform X

Impact on Gnosis Safe

The vulnerability allowed contracts to be redeployed at existing addresses. This posed a potential risk to users, especially those who used Gnosis Safe. Despite the severity of the issue, Conflux has assured its community that no user funds were lost during this incident.

CREATE2 is an Ethereum Virtual Machine (EVM) opcode that allows developers to deploy smart contracts at predictable addresses. Although it is a powerful tool for blockchain applications, its misuse or exploitation could lead to significant security risks.

In this case, the vulnerability could have allowed malicious actors to overwrite existing contracts, potentially compromising user funds or assets stored in wallets like Gnosis Safe.

Conflux Resolved the Issue Through V2.5 Upgrade

Conflux moved swiftly: after discovering the flaw, it immediately implemented a patch in its V2.5 upgrade to eliminate the risk completely. The team is now working to strengthen its security protocols and enhance EVM compatibility to prevent similar incidents in the future.

Previous Incidents

This is not the first time vulnerabilities related to CREATE2 have surfaced in blockchain ecosystems. In previous cases, attackers exploited the opcode’s predictable address generation mechanism to deploy malicious contracts or bypass standard security measures. For example, Ethereum faced similar challenges when bad actors used CREATE2 to deceive users into interacting with unauthorized contracts before they were deployed.

This incident highlights the importance of continuous vigilance and proactive measures in blockchain security. As smart contracts and decentralized applications become more sophisticated and sensitive, ensuring their integrity remains a top priority for developers and platforms.

Conflux’s rapid response to the situation also indicates its commitment to user safety and system reliability, setting an example for handling vulnerabilities in decentralized networks.
