Function: flashLoan(IERC3156FlashBorrower receiver, address token, uint256 amount, byte[] data)
This function is used to flash loan debt tokens.
Inputs
receiver
Control: Fully controlled.
Constraints: Receiver should be a valid ERC3156FlashBorrower contract.
Impact: Receiver of the flash loan.
token
Control: Fully controlled.
Constraints: Address of token should be equal to address of this contract.
Impact: These tokens will be minted for the flash loan.
amount
Control: Fully controlled.
Constraints: Amount should be less than the max flash loan amount.
Impact: The amount of tokens to be provided as a flash loan.
data
Control: Fully controlled.
Constraints: No constraints.
Impact: N/A.
Branches and code coverage (including function calls)
Intended branches
The amount of flash loan requested is minted to the receiver.
The call
receiver.onFlashLoan
returns the correct return value.The amount requested is burned after the flash loan is complete, and the fee is transferred to the fee receiver.
Negative behavior
Revert if the
token
address is not equal to the address of this contract.Revert if amount exceeds the max flash loan amount.
Revert if return value of
receiver.onFlashLoan
is not equal to_RETURN_VALUE
.Revert if tokens cannott be burnt from the receiver address.
Revert if tokens cannot be transferred to the fee receiver contract.
Function call analysis
receiver.onFlashLoan(msg.sender, token, amount, fee, data)
:What is controllable?
msg.sender
,token
,amount
, anddata
.If return value controllable, how is it used and how can it go wrong? Return value should always be equal to
_RETURN_VALUE
.What happens if it reverts, reenters, or does other unusual control flow? This function can reenter, but it does not pose a risk because it always preserves the property that the amount minted at the beginning is always recovered and burned at the end, or else the entire function will revert.