Missing rebalance liquidity when we repay debt
Summary
Missing rebalance liquidity when we repay debt
Vulnerability Details
In lending pool contract, we will deposit one part of funds to the scrvUSD Vault to earn some extra interest. The system will keep 20% of the total funds in the pool as the buffer, and deposit the left 80% funds into the scrvUSD Vault to earn interest. So we will trigger the liquidity rebalance no matter the funds are deposited or withdrawn.
The problem here is that we miss the liquidity balance when we repay funds.
Considering the below scenario:
Alice deposits 10000 crvUSD into the lending pool.
Bob borrows 9000 crvUSD from the lending pool in timestamp X.
Bob repays 9000 + 20 crvUSD to the lending pool in timestamp X + 200.
Then most funds will keep in the RToken contract, we will not deposit into the scrvUSD Vault to earn some interest.
Considering that the repay operation is one normal operation in lending pool, it will cause that we earn less interest than expected.
Impact
Missing liquidity rebalance in the repay function. We will fail to get expected save interest from the scrvUSD Vault.
Tools Used
Manual
Recommendations
Update the liquidate rebalance in the repay function.
Lead Judging Commences
LendingPool::finalizeLiquidation or repay doesn't call _rebalanceLiquidity, leaving excess funds idle instead of depositing them in Curve vault for yield
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.