Brenzee
medium
IronBank.delistMarket delists a market from markets mapping and allMarkets array, but that is not enough because market.userBorrows mapping and market.userSupplies are not deleted and will be still in contract storage.
function delistMarket(address market) external onlyMarketConfigurator {
DataTypes.Market storage m = markets[market];
require(m.config.isListed, "not listed");
delete markets[market];
allMarkets.deleteElement(market);
emit MarketDelisted(market);
}
Line delete markets[market] will delete markets[market] but will not delete markets[market].userBorrows and markets[market].userSupplies
This will cause an issue if a delisted market gets listed back once again - userBorrows and userSupplies will still be the same ones as before and it will not be empty.
IronBank.delistMarket doesn't fully clear market storage - userBorrows and userSupplies are not removed. This will cause an issue if the same market gets listed back.
Manual Review
Arrays allUserSupplies and allUserBorrows should be saved in the market data. In that way the whole userBorrows and userSupplies can be successfully cleared.
function delistMarket(address market) external onlyMarketConfigurator {
DataTypes.Market storage m = markets[market];
require(m.config.isListed, "not listed");
for (uint256 i = 0; i < m.allUserSupplies.length; i++) {
delete m.userSupplies[m.allUserSupplies[i]]
}
for (uint256 i = 0; i < m.allUserBorrows.length; i++) {
delete m.userBorrows[m.allUserBorrows[i]]
}
delete markets[market];
allMarkets.deleteElement(market);
emit MarketDelisted(market);
}