4 matches found

Code423n4
added 2023/07/31 12:0 a.m., 4 views

The owner can call _upgrade directly, skipping executeLensV2Upgrade.

Impact: Loss of funds due to skipped checks before transfers; invalid system state due to assuming conditions not verified; hiding failed upgrade due to skipped revert/events. Proof of Concept: upgrade is missing an onlyOwner modifier. By calling upgrade directly, th...

7 AI score
Exploits 0
Veracode
added 2021/05/25 8:57 a.m., 10 views

Denial Of Service (DoS)

github.com/cloudflare/tableflip is vulnerable to denial of service. The vulnerability exists due to a hung goroutine in the parent process after a failed upgrade...

2 AI score
Exploits 0
Github Security Blog
added 2021/05/21 4:25 p.m., 48 views

A failed upgrade may lead to hung goroutines

Impact: Processes using tableflip may encounter hung goroutines in the parent process, after a failed upgrade. The Go runtime has annoying behaviour around setting and clearing O_NONBLOCK: exec.Cmd.Start ends up calling os.File.Fd for any file in exec.Cmd.ExtraFiles. os.File.Fd disables both the us...

6.9 AI score
Exploits 0, References 3, Affected Software 1
OSV
added 2016/08/05 3:59 p.m., 1 views

CVE-2016-1278

Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the...

7.8 CVSS, 5.8 AI score
Exploits 0, References 3