KeePassX uses an older database format (KDB) than KeePass 2.x (KDBX4). It also lacks AEAD and is actually less secure than KDBX4 according to the analyses I've read.
Just some general info: KeePassX can read and write the KeePass2 file format, but you have to check out the git repo manually. It has worked for me for at least one year.
The problem is the current maintainer; it seems that he has no interest in releasing a new version :(
I've looked through the source of KeePassX and it doesn't look complicated, but it requires a crypto expert to say something valuable about its crypto. Would someone qualified mind sparing some time? I found a port of KeePassX 2 from gcrypt to OpenSSL: https://github.com/WhiteDawn/keepassbb10
Here's an awesome QML UI for KeePassX made for Jolla OS. I'm not sure how much work is required to get that to work on Android though. https://openrepos.net/content/jobe/ownkeepass
There are 2 problems here. (1) The C# .NET implementation is lacking; (2) the fundamental crypto design of the kdbx database (which is shared by all implementations, in any language) is lacking.
Yes, but since this isn't some networked service I'm not as concerned about the general quality of the code. Offline attacks really have to focus on the encrypted password database. If an attacker has local access you're already owned -- they could just modify the application to do whatever they want... or keylog you, etc.
The safety of your database in a world where your KeePass database is leaked due to a Dropbox attack or something is what really matters here, IMO.
Did they screw up the crypto so offline attacks are easier?
It's not 100% offline. As you said, if they manage to access your Dropbox, they could theoretically sync an altered database back to you. If the application leaks some information while attempting to open the database or can be made to leak information, that would be bad.
EDIT: source: https://github.com/keepassx/keepassx