Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Missing Liquidity Rebalancing in Repayment and Liquidation Leading to Instability

0x23r0

Summary

The repay and finalizeLiquidation functions fail to call _rebalanceLiquidity after modifying the reserve's liquidity. This omission disrupts the protocol's liquidity buffer ratio (20% of total deposits), leading to either underutilized funds in the Curve vault or insufficient liquidity for user withdrawals/borrows. The protocol's core financial stability is compromised as liquidity allocations deviate from intended parameters.

Vulnerability Details

The _rebalanceLiquidity function ensures the protocol maintains a defined liquidity buffer ratio (e.g., 20% of total deposits in the RToken contract, 80% in Curve vault). It is called in all core functions that alter liquidity (deposit, withdraw, borrow) except in repay and finalizeLiquidation.

Repay Function (_repay):

IERC20(...).safeTransferFrom(msg.sender, reserve.reserveRTokenAddress, amountScaled);
// Missing: _rebalanceLiquidity();
- Increases RToken liquidity without rebalancing to the Curve vault.
Liquidation Finalization (finalizeLiquidation):

IERC20(...).safeTransferFrom(msg.sender, reserve.reserveRTokenAddress, amountScaled);
// Missing: _rebalanceLiquidity();
- Directly adds funds to RToken contract without adjusting the buffer.

Proof of Concept (PoC)

Scenario 1 - Repayment Distorts Buffer Ratio:

Initial State:
- Total Deposits: 500 crvUSD.
- Desired Buffer: 20% (100 crvUSD on-chain).
- Curve Vault: 400 crvUSD.
User Repays 50 crvUSD:
- RToken liquidity increases to 150 crvUSD (100 + 50).
- Expected Buffer: 20% of 550 total = 110 crvUSD.
- Actual Buffer: 150 crvUSD (40 excess).
- Missing Action: Excess 40 crvUSD not moved to Curve vault.

Scenario 2 - Liquidation Worsens Imbalance:

Liquidate User with 200 crvUSD Debt:
- Stability Pool transfers 200 crvUSD to RToken contract.
- Total Deposits: 700 crvUSD (500 + 200).
- Desired Buffer: 140 crvUSD (20% of 700).
- Actual Buffer: 300 crvUSD (150 + 200 → 160 over target).

Impact

Idle funds generate no yield, reducing protocol revenue and RToken holder returns.
Unbalanced liquidity disrupts rate calculations in ReserveLibrary.updateInterestRatesAndLiquidity.

Tools Used

Manual Review

Recommendations

Add Rebalancing to Affected Functions:

In _repay:
// After transferring assets:
_rebalanceLiquidity();
In finalizeLiquidation:
// After transferring assets:
_rebalanceLiquidity();

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

LendingPool::finalizeLiquidation or repay doesn't call _rebalanceLiquidity, leaving excess funds idle instead of depositing them in Curve vault for yield

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.