# Risks There exist a number of potential risks when staking CFX using liquid staking protocols. ### Smart contract security There is an inherent risk that Nucleon could contain a smart contract vulnerability or bug. The Nucleon code is open-sourced, audited and covered by an extensive bug bounty program to minimise this risk. ### Conflux PoS network - Technical risk NUCLEON is built on Conflux and there is no guarantee that Conflux PoS network has been developed error-free. Any vulnerabilities inherent to Conflux PoS network brings with it slashing risk, as well as xCFX fluctuation risk. ### Slashing risk Conflux PoS validators risk staking penalties, with up to 100% of staked funds at risk if validators fail. To minimise this risk, NUCLEON stakes across multiple professional and reputable node operators with heterogeneous setups, with additional mitigation in the form of coverage that is paid from NUCLEON fees. ### xCFX price risk Users risk an exchange price of xCFX which is lower than inherent value due to withdrawal restrictions, making arbitrage and risk-free market-making impossible. The X DAO is driven to mitigate above risks and eliminate them entirely to the extent possible. Despite this, they may still exist and, as such, it is our duty to communicate with them. ### xCFX minter role xCFX is a type of token which is minted and burned by users completely. Users need to burn the token they owned only to get back the corresponding CFXs. Therefore, in Exchangeroom contract, a function called XCFX\_burn() is needed to feed the objective. After the XCFXupgradeable contract is deployed, Exchangeroom contract will be assigned as the only minter of xCFXs. Then the users can stake CFXs to exchange xCFXs in Exchangeroom. Exchangeroom will mint xCFX tokens for users. In order to withdraw, the users invoke XCFX\_burn() function and Exchangeroom will burn xCFX tokens for users. Then users can withdraw their CFXs by calling getback\_CFX() function. In addition, in order to prevent the owner from abusing, we will assign the owner of xCFX token proxy to ZERO address once the contract runs normally. Therefore, no new minters are added to xCFX contract. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nucleon.network/about-nucleon/risks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.