Function: flashLoan(IERC3156FlashBorrower receiver, address token, uint256 amount, byte[] data)
This function is used to flash loan debt tokens.
Inputs
receiverControl: Fully controlled.
Constraints: Receiver should be a valid ERC3156FlashBorrower contract.
Impact: Receiver of the flash loan.
tokenControl: Fully controlled.
Constraints: Address of token should be equal to address of this contract.
Impact: These tokens will be minted for the flash loan.
amountControl: Fully controlled.
Constraints: Amount should be less than the max flash loan amount.
Impact: The amount of tokens to be provided as a flash loan.
dataControl: Fully controlled.
Constraints: No constraints.
Impact: N/A.
Branches and code coverage (including function calls)
Intended branches
The amount of flash loan requested is minted to the receiver.
The call
receiver.onFlashLoanreturns the correct return value.The amount requested is burned after the flash loan is complete, and the fee is transferred to the fee receiver.
Negative behavior
Revert if the
tokenaddress is not equal to the address of this contract.Revert if amount exceeds the max flash loan amount.
Revert if return value of
receiver.onFlashLoanis not equal to_RETURN_VALUE.Revert if tokens cannott be burnt from the receiver address.
Revert if tokens cannot be transferred to the fee receiver contract.
Function call analysis
receiver.onFlashLoan(msg.sender, token, amount, fee, data):What is controllable?
msg.sender,token,amount, anddata.If return value controllable, how is it used and how can it go wrong? Return value should always be equal to
_RETURN_VALUE.What happens if it reverts, reenters, or does other unusual control flow? This function can reenter, but it does not pose a risk because it always preserves the property that the amount minted at the beginning is always recovered and burned at the end, or else the entire function will revert.