User can add poolbalance without using depositTokens functions
e.g) transfer, tranferFrom,
That’s all!
function flashLoan(uint256 borrowAmount) external nonReentrant {
require(borrowAmount > 0, "Must borrow at least one token");
uint256 balanceBefore = damnValuableToken.balanceOf(address(this));
require(balanceBefore >= borrowAmount, "Not enough tokens in pool");
// Ensured by the protocol via the `depositTokens` function
**// @audit-issue**
***assert(poolBalance == balanceBefore);***
// assert(poolBalance == damnValuableToken.balanceOf(address(this));
damnValuableToken.transfer(msg.sender, borrowAmount);
IReceiver(msg.sender).receiveTokens(
address(damnValuableToken),
borrowAmount
);
uint256 balanceAfter = damnValuableToken.balanceOf(address(this));
require(balanceAfter >= balanceBefore, "Flash loan hasn't been paid back");
}