Blog
Across Incident Report: Lens Upgrade and...
Information about a past upgrade and the steps taken afterward.
Sep 03, 2025
1 min read

Across Incident Report: Lens Upgrade and Resolution

Share this article

TLDR

  • An operational mistake during a Lens upgrade temporarily locked LP funds in the Lens SpokePool.

  • No user funds were ever at risk.

  • Risk Labs promptly redeployed and funded the Lens pools to ensure the continued operation of the protocol.

  • All bridging operations continued without interruption.

  • The locked funds will be recovered through zkSync governance and returned to Risk Labs.

  • Across is strengthening deployment safeguards to prevent similar incidents in the future.

Context of the Issue

Recently, an upgrade to the Lens SpokePool did not go as planned. An operational mistake during deployment caused LP funds to become temporarily locked in the old contract.

No user funds were ever at risk. Bridging was paused to and from Lens for 3-4 days.

The issue arose because of unique technical constraints on Lens (a zkStack chain). During the upgrade, a compiler mismatch caused the contract to become unusable, leaving LP funds in an inactive state.

This was not a hack, exploit, or security vulnerability. It was an operational mistake, despite multiple manual checks and prior testing.

Immediate Response

The Across team responded quickly to restore normal operations:

  • New SpokePool deployed: A new Lens SpokePool contract was launched promptly so deposits and withdrawals could continue without disruption.

  • Risk Labs provided capital: Risk Labs promptly redeployed and funded the Lens pools to ensure the continued operation of the protocol.

  • Seamless user experience: Throughout the process, users were able to bridge as usual. Across continued to provide fast, cheap, and secure transfers.

The locked funds remain safe and are recoverable through zkSync governance. Because Risk Labs provided capital to ensure LPs were unaffected, the recovered funds will be returned to Risk Labs once the process is complete.

Moving Forward

Every operational mistake is an opportunity to learn and improve. Following this incident, we are working to formalize safer and faster deployment processes.

This includes:

  • Stronger safeguards for complex upgrades.

  • More robust governance oversight.

  • Clearer recovery procedures in case of unexpected issues.

These lessons will make Across stronger, more resilient, and better prepared for the future.

Back to top