Missing _rebalanceLiquidity Calls
Summary
In the LendingPool.sol contract the _repay and finalizeLiquidation functions are missing a call to _rebalanceLiquidity, which is necessary to maintain the desired buffer ratio.
Vulnerability Details
The vulnerability arises from the absence of a _rebalanceLiquidity call in the _repay and finalizeLiquidation functions. The _rebalanceLiquidity function is responsible for maintaining the desired buffer ratio, which ensures that the lending pool has sufficient liquidity to handle withdrawals and other operations. Without this call, the buffer ratio may become imbalanced.
Impact
If the buffer ratio is not properly maintained, the lending pool may face liquidity shortages, making it difficult to handle withdrawals and other operations. This can lead to a loss of confidence in the protocol.
Tools Used
Manual Review
Recommendations
To mitigate this vulnerability, add a call to _rebalanceLiquidity in the _repay and finalizeLiquidation functions. This will ensure that the desired buffer ratio is maintained, preventing potential liquidity issues and ensuring the smooth operation of the lending pool.
Lead Judging Commences
LendingPool::finalizeLiquidation or repay doesn't call _rebalanceLiquidity, leaving excess funds idle instead of depositing them in Curve vault for yield
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.