[H-7] Incorrect handling of requesterCallData for Flashloan action inside _getBeneficiaryFromCalldataof the router
Description
When a Flashloan action is executed, the requesterCallData parameter is extracted from the calldata and passed to the _getBeneficiaryFromCalldata function again.
(Decode B in the following code)
To decode the requesterCallData into actions and arguments inside this second _getBeneficiaryFromCalldata call, the following encoding would be used at Decoding A.
[H-7] Incorrect handling of requesterCallData for Flashloan action inside _getBeneficiaryFromCalldataof the router
Description
When a Flashloan action is executed, the requesterCallData parameter is extracted from the calldata and passed to the _getBeneficiaryFromCalldata function again. (Decode B in the following code)
To decode the requesterCallData into actions and arguments inside this second _getBeneficiaryFromCalldata call, the following encoding would be used at Decoding A.
However, the requesterCallData of the Flasher has a different format than (Action[], bytes[], uint256) , it is:
This means that the decoding process would fail at point A, and the router would not be able to bridge calldata with Flashloan as its first position.
This is problematic because having Flashloan as the first action is necessary for some of Fuji's use cases, such as closing a position with Flashloan.
Remediation
Consider refactoring
_getBeneficiaryFromCalldata
to accommodate the Flashloan action.One way of doing so is