Delisting a market could lead to a bad debt of the market or lead to users unable to redeem their collateral
Summary
When delisting users will not be able to redeem their collateral and if there are borrows still active it will lead to a bad debt.
This is due to the fact that:
when delisting, also the repay and redeem functions also become unavailable (where most projects leave this open and only disable the supply and borrow functions)
when delisting, delistMarket does not liquidate outstanding borrows
A bad debt will also create a liquidity shortage since the delisting makes the users withdraw their asset but this is already noted in the known issues: "2. Unable to redeem supplied asset when liquidity is insufficient in the pool".
A soft approach which leaves the repay and redeem functions active so that users can still exit after a delist. This is user friendly but does not guarantee the debt to be repaid in time
A hard approach which liquidates the positions at delist. Not user friendly but guarantees fully repayment
Do note that simply relisting the market (e.g. for when users request to repay and redeem) will also lead to all the functions being available again.
Delvir0
high
Delisting a market could lead to a bad debt of the market or lead to users unable to redeem their collateral
Summary
When delisting users will not be able to redeem their collateral and if there are borrows still active it will lead to a bad debt. This is due to the fact that:
supplyandborrowfunctions)delistMarketdoes not liquidate outstanding borrowsA bad debt will also create a liquidity shortage since the delisting makes the users withdraw their asset but this is already noted in the known issues: "2. Unable to redeem supplied asset when liquidity is insufficient in the pool".
Vulnerability Detail
Delisting a market deletes data which is used in
requirechecks when using the core functions. https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L603-L604Without these the functions will revert leading to the
repayandredeemfunctions being unavailable. https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L462delistMarketalso does not have any functionality to liquidate the outstanding positions.Impact
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L599-L606
Tool used
Manual Review
Recommendation
There are two options with both their pro an con.
repayandredeemfunctions active so that users can still exit after a delist. This is user friendly but does not guarantee the debt to be repaid in timeDo note that simply relisting the market (e.g. for when users request to repay and redeem) will also lead to all the functions being available again.