Bankruptcy

[IliaZyrin]

Bankruptcy handling: logic, tests, and docs

What this does

• Implements full bankruptcy flow for users and banks, including super-bankruptcy handling (clamps loss and kills the bank when bad debt exceeds assets). Introduces a dedicated error code to reflect this terminal state.

• Adds a user & bank bankruptcy guide (how it triggers, discharge order, and outcomes): BANKRUPTCY.md.

• Hardens instruction paths with additional bank state validation (e.g., during borrow) to prevent actions on paused/reduced/killed banks.

Notable changes

• New/updated program errors
  BankKilledByBankruptcy (code 6082).
  Quick lookup: BankKilledByBankruptcy.

• Instruction changes

handle_bankruptcy logic (bank-level settlement, socialized losses, kill path on super-bankruptcy).

borrow as well as the other ixes (deposit repay, withdraw) now validates that the bank is not in a paused or reduced state.

• Tests & fuzz

New spec: tests/zb01_bankruptcy.spec.ts (see Files changed).

Fuzz harness updates and additional logging/assertions to surface unexpected liquidation errors.

How it works (short)

• Liquidation exhausts remaining assets of the insolvent user.

• handle_bankruptcy settles bad debt:

Use insurance if sufficient.

Otherwise, socialize via asset-share value reduction.

If still insufficient (super-bankruptcy), kill the bank (asset share value to zero; bank permanently disabled).

Test plan

• Unit/integration tests in zb01_bankruptcy.spec.ts cover user bankruptcy, bank bankruptcy, and super-bankruptcy kill path.

• Fuzz tests updated to assert allowed error surface and reject unexpected outcomes; reproducible logs added for triage.

[IliaZyrin]

@jgur-psyops let's merge this one?

[Henry-E]

Not a fan of adding another arbitrary validation function validate_bank_state

[Henry-E]

Not a fan of adding bypass_util_ratio as a top level option that isn't even clear what it is since it's just "true, false". I assume that is someone passes true by accident something pretty bad could happen?

[IliaZyrin]

Not a fan of adding another arbitrary validation function validate_bank_state

I expect it to look better once this TODO is addressed. But I would do it in a separate PR to only focus on this.

Not a fan of adding bypass_util_ratio as a top level option that isn't even clear what it is since it's just "true, false". I assume that is someone passes true by accident something pretty bad could happen?

Yeah, so basically it is the main change to bankruptcy. It is what will allow us to deal with super-bankruptcies, which are currently non-solvable. Although, I see your point about the risk of accidentally putting a true there.
It makes sense to separate it. I'll do it.

[Henry-E]

From the meeting earlier it sounds like we're adding a much bigger solution for a problem that we're unlikely to have in the future that is very specifically for dealing with Arena banks that are in a weird state. Would it not be possible to add something that is self contained to specifically arena banks and doesn't expose the other banks to these changes.

Agreed that, yes in the long term, users shouldn't be able to get into a state where they can't even get into the state in the first place. And we should be able to handle bankruptcies. Though I don't know what kind of priority this direction is for the product where banks are potentially ending up like this.

[Henry-E]

How is this different from assert_operational_mode?

[Henry-E]

So the high level idea is to enforce which states a bank is allowed to be in when an instruction is run? Since this wasn't really enforced before, except implicitly by assert_operational_mode?

Maybe it's a nit pick but I wonder if the positive is easier to understand
bank.load().allowed_states([PAUSED, REDUCE])
and we can put that in the constraints above the bank's account in a given instruction context.

[Henry-E]

Nothing left to say on this

[Henry-E]

LGTM