CREATE2 Opcode bug fixed with v2.5 security upgrade

Conflux claims that his security team has managed to correct the Opcode Create2 vulnerability with the upgrade of the version 2.5 network.

The Conflux (Cfx) Network announcement On March 24, 2025, a security vulnerability detected with the help of the Grafun ecosystem team, was successfully corrected. Grafun would have identified critical vulnerability in the Create2 opcode, linked to Ethereum (Ethn) Virtual Machine, in February of this year.

Create2 opcode, introduced in 2019 via Ethereum Constantinople upgradeis an advanced feature for networks compatible with the Ethereum and Ethereum virtual machine. He plays a key role in intelligent contracts, in particular in the predictability and flexibility of deployment. The Conflux team explained this:

“In the Ethereum Standard virtual machine, the Create2 opcode does not deploy a contract if the target address already has a deployed contract, returning a zero address.

According to Conflux, the security problem is now resolved after the upgrade of version 2.5 of Conflux which sent on March 17, 2025. The defect, the layer-1 platform noted: “authorized the redeployment of contracts on existing addresses, impacting Gnosis Safe”.

The Conflux network security team has assured ecosystem users and partners that the upgrade of version 2.5 entirely discussed the flaw.

Conflux disclosed the plans for the upgrading of the network on March 4, 2025, the node operators asked to update accordingly. The platform provisionally planned the fork lasts for mid-March, which was happening at the time 118580000.

Grafun received a total of 60,000 conflux tokens for its role in upgrading security, including a basic premium of 50,000 tokens to identify the Opcode Create2 bug. The platform also received 10,000 tokens to offer a timely report which helped prevent potential exploits and losses.

In its ad, Conflux said that all user funds are safe and that the network has improved EVM compatibility.