missing liquidity rebalancing after _repay() or liquidation in LendingPool.sol
Summary
missing rebalanceLiquidity() after users repay or liquidated.
Vulnerability Details
LendingPool implements a feature that whenever there is a balance change, such as deposit, borrow, or withdraw, liquidity must be rebanlanced between the buffer and the vault to maintain a desired buffer ratio so users can have enough in time asset to withdraw. However this feature is lacking after repay() or finalizeLiquidation() action.
Impact
Some amount of tokens(crvUSD) may be left in reserve which will not be deposited into vault to earn yields.
Tools Used
manual
Recommendations
consider add rebanlanceLiquidity() after _repay()/finalizeLiquidation() method.
Lead Judging Commences
LendingPool::finalizeLiquidation or repay doesn't call _rebalanceLiquidity, leaving excess funds idle instead of depositing them in Curve vault for yield
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.