Audit finding: A06-1, A06-2
Source: audit/2026-03-14-01 triage #19, #20
A06-1: No test for spender != pool in _exchange
LibGenericPoolExchange.exchange() decodes exchangeData into (address spender, address pool, bytes encodedFunctionCall) where spender and pool can be different addresses. Current tests always set them equal. Need test with spender != pool.
A06-2: No fuzz test over exchangeData decoding in _exchange
No fuzz tests cover edge cases in exchangeData decoding (zero-address spender/pool, empty encoded call, malformed data).
File: src/lib/LibGenericPoolExchange.sol, src/concrete/arb/GenericPoolRaindexV6FlashBorrower.sol
Audit finding: A06-1, A06-2
Source:
audit/2026-03-14-01triage #19, #20A06-1: No test for
spender != poolin_exchangeLibGenericPoolExchange.exchange()decodesexchangeDatainto(address spender, address pool, bytes encodedFunctionCall)wherespenderandpoolcan be different addresses. Current tests always set them equal. Need test withspender != pool.A06-2: No fuzz test over
exchangeDatadecoding in_exchangeNo fuzz tests cover edge cases in
exchangeDatadecoding (zero-address spender/pool, empty encoded call, malformed data).File:
src/lib/LibGenericPoolExchange.sol,src/concrete/arb/GenericPoolRaindexV6FlashBorrower.sol