Even if market information is deleted, the user's borrowing and supply data will remain.
Summary
In solidity, deleting a struct does not delete the mapping information if it encompasses amapping.
This leaves the user's borrowing and lending amounts even if the market information is deleted
Vulnerability Detail
In ironbank's delistMarket function, delete markets[market] deletes market information.
However, the internal userBorrows and userSupplies are not deleted.
Impact
Critical information cannot be deleted, which may cause unexpected problems.
innertia
medium
Even if market information is deleted, the user's borrowing and supply data will remain.
Summary
In solidity, deleting a
structdoes not delete themappinginformation if it encompasses amapping. This leaves the user's borrowing and lending amounts even if the market information is deletedVulnerability Detail
In ironbank's
delistMarketfunction,delete markets[market]deletes market information. However, the internaluserBorrowsanduserSuppliesare not deleted.Impact
Critical information cannot be deleted, which may cause unexpected problems.
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L603 https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/libraries/DataTypes.sol#L38-L39
Tool used
Manual Review
Recommendation
Delete mapping and then struct