Function: transferFrom(address owner, address recipient, uint256 amount)

Moves tokens from the sender to the given recipient, using the allowance mechanism. The given amount is deducted from the caller's allowance for the provided owner.

Inputs

• owner

  • Control: Arbitrary.

  • Constraints: Must be a valid entry in the _allowances 2D mapping; otherwise, setting the new allowance will fail. Cannot be 0.

  • Impact: Decides which allowance to use.

• recipient

  • Control: Arbitrary.

  • Constraints: Cannot be 0.

  • Impact: Decides where the amount should be transferred.

• amount

  • Control: Arbitrary.

  • Constraints: Cannot be more than the actual allowance or the subtraction will underflow and revert.

  • Impact: Decides the amount to transfer and how much that will be left in the allowance.

Branches and code coverage (including function calls)

Intended branches

• Transfer when token owner has enough balance.

  Test coverage

• Transfer when the spender has enough approved balance.

  Test coverage

Negative behavior

• Transfer when the spender does not have enough approved balance.

  Negative test

• Transfer when token owner does not have enough balance.

  Negative test

• Transfer from address(0).

  Negative test

• Transfer to address(0).

  Negative test

Function call analysis

• rootFunction -> _transfer(args)

  • What is controllable? Everything.

  • If return value controllable, how is it used and how can it go wrong? Not checked.

  • What happens if it reverts, reenters, or does other unusual control flow? New allowance is set before transfer, making reentrancy less useful. A reward manager could add an extraReward that hooks every transfer before the balances are updated.