Function: withdraw(address _token, uint256 _amount, address _receiver)

This function can be called by vaults when a user wants to redeem pool tokens in exchange for the corresponding amount of underlying assets.

Inputs

• _token

  • Control: None (controlled by the vault).

  • Constraints: msg.sender and _token must match according to pool configuration.

  • Impact: Asset to be withdrawn.

• _amount

  • Control: None (controlled by the vault).

  • Constraints: None.

  • Impact: Amount to be withdrawn.

• _receiver

  • Control: Arbitrary (user can specify the receiver).

  • Constraints: None.

  • Impact: Receiver of the withdrawn asset.

Branches and code coverage

Intended branches

• After checking msg.sender against _token, it transfers the requested amount of assets to the recipient.

  Test coverage

Negative behavior

• Reverts if msg.sender is not the vault associated with _token.

  Negative test

Function call analysis

• SafeERC20.safeTransfer(IERC20(_token), _receiver, _amount)

  • What is controllable? _receiver.

  • If the return value is controllable, how is it used and how can it go wrong? Not used.

  • What happens if it reverts, reenters or does other unusual control flow? Reentrancy is an issue — not exploitable in practice because Wasabi allowlists a set of tokens that do not allow an attacker to reenter on transfer.