Function: withdraw(uint256 assets, address receiver, address owner)

Withdraws assets from the vault by burning shares corresponding to the value.

Inputs

• assets

  • Control: Arbitrary.

  • Constraints: Must be less than max withdraw for the owner, which accounts for withdrawal requests.

  • Impact: Amount of assets to withdraw.

• receiver

  • Control: Arbitrary.

  • Constraints: None.

  • Impact: Receiver of the assets.

• owner

  • Control: Arbitrary.

  • Constraints: If not sender, allowance must be present and spent.

  • Impact: Owner of the shares to be redeemed.

Branches and code coverage

Intended branches

• Withdrawal succeeds for sender owner.

  Test coverage

• Withdrawal succeeds for nonsender owner with allowance.

  Test coverage

Negative behavior

• Withdrawal fails due to max withdrawal.

  Negative test

• Withdrawal fails due to allowance.

  Negative test

• Withdrawal fails due to undercollateralization.

  Negative test

Function call analysis

• this._withdraw(this._msgSender(), receiver, owner, assets, shares) -> SafeERC20Upgradeable.safeTransfer(this._asset, receiver, assets)

  • What is controllable? Quantity of assets.

  • If the return value is controllable, how is it used and how can it go wrong? N/A.

  • What happens if it reverts, reenters or does other unusual control flow? Tail call, so reentrancy due to an ERC-20 hook is safe.