Function: withdraw(uint256 assets, address receiver, address owner)

This is a bridge-only function that burns shares from owner and transfers FRXUSDT to receiver — only in the Withdraw phase.

Inputs

• assets

  • Control: N/A.

  • Constraints: Must be greater than zero and cannot exceed the owner's withdrawable balance (maxWithdraw).

  • Impact: Determines how many shares are burned and how much FRXUSDT is transferred.

• receiver

  • Control: N/A.

  • Constraints: Must be nonzero.

  • Impact: Receives the withdrawn principal.

• owner

  • Control: N/A.

  • Constraints: Must be nonzero.

  • Impact: Loses the corresponding shares while FRXUSDT is delivered to receiver.

Branches and code coverage

Intended branches

• Shares are burned, and FRXUSDT is transferred.

  Test coverage

Negative behavior

• Calls outside Withdraw mode revert.

  Negative test

Function call analysis

• SafeERC20.safeTransfer(IERC20(this.asset()), receiver, assets)

  • What is controllable? The bridge controls the number of FRXUSDT to withdraw (assets) and the receiver (receiver).

  • If the return value is controllable, how is it used and how can it go wrong? N/A.

  • What happens if it reverts, reenters or does other unusual control flow? N/A.