Since accepted tokens list is prone to change, maybe even reduction, there is a flaw in the protocol design. Removal of accepted tokens as collateral leads to unintended liquidation of vaults.

Vulnerability Details

When a user provides collateral to a vault, he expects it to remain there as collateral and the amount to stay safe, unless of course the vault is liquidated by a drop in value of collateral. However the vault can be liquidated by protocols' own doing by removing an asset from the TokenManager accepted tokens list.

It may seem that this is out-of-scope since it concerns the TokenManager contract but since the SmartVault HEAVILY relies on the acceptedTokens list, I believe it to be a legitimate issue on SmartVault contract.

Impact

User loses all of his funds in the vault since they are liquidated. Severity will be put as LOW since certain unlikely scenarios have to happen in order for this to happen.

Tools Used

Manual review

Recommendations

Implement emergency protocol feature to send back asset that is intended to be removed from TokenManager to vault owners.