Open
Description
Describe the issue:
https://eips.ethereum.org/EIPS/eip-3156
The reference implementation for ERC3156 has this code for the flash lender:
```solidity
function flashLoan(
    IERC3156FlashBorrower receiver,
    address token,
    uint256 amount,
    bytes calldata data
) external override returns(bool) {
    require(
        supportedTokens[token],
        "FlashLender: Unsupported currency"
    );
    uint256 fee = _flashFee(token, amount);
    require(
        IERC20(token).transfer(address(receiver), amount),
        "FlashLender: Transfer failed"
    );
    require(
        receiver.onFlashLoan(msg.sender, token, amount, fee, data) == CALLBACK_SUCCESS,
        "FlashLender: Callback failed"
    );
    require(
        IERC20(token).transferFrom(address(receiver), address(this), amount + fee),
        "FlashLender: Repay failed"
    );
    return true;
}
```
Slither complains (loudly, high severity, high confidence, red text) about the receiver in the repayment being an "arbitrary" transfer from, but it's the receiver of the loan.
I don't see any way to rewrite this function that would satisfy both Slither and ERC3156, as the ERC spec mandates the receiver being an argument to the flashLoan function.
Code example to reproduce the issue:
https://eips.ethereum.org/EIPS/eip-3156#flash-loan-reference-implementation
Version:
0.9.2
Relevant log output:
No response
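The repayment in `flashLoan` pulls from whatever `receiver` the caller names, so the guard Slither cannot find in the lender has to live in the borrower. The sketch below is an added example, not code from the issue, the EIP or Slither; `GuardedBorrower`, `owner` and `borrow` are hypothetical names, and the two callback checks follow the borrower-side verification EIP-3156 asks for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IERC3156FlashBorrower {
    function onFlashLoan(address initiator, address token, uint256 amount, uint256 fee, bytes calldata data)
        external returns (bytes32);
}

interface IERC3156FlashLender {
    function flashFee(address token, uint256 amount) external view returns (uint256);
    function flashLoan(IERC3156FlashBorrower receiver, address token, uint256 amount, bytes calldata data)
        external returns (bool);
}

// Hypothetical borrower: it is the `from` of the lender's transferFrom,
// so it decides when the lender may pull tokens and how many.
contract GuardedBorrower is IERC3156FlashBorrower {
    bytes32 private constant CALLBACK_SUCCESS = keccak256("ERC3156FlashBorrower.onFlashLoan");
    IERC3156FlashLender public immutable lender;
    address public immutable owner;

    constructor(IERC3156FlashLender lender_) {
        lender = lender_;
        owner = msg.sender;
    }

    // Only the owner starts a loan; the allowance covers exactly this
    // repayment and is consumed by the lender's transferFrom.
    function borrow(address token, uint256 amount) external {
        require(msg.sender == owner, "GuardedBorrower: not owner");
        uint256 repayment = amount + lender.flashFee(token, amount);
        require(IERC20(token).approve(address(lender), repayment), "GuardedBorrower: approve failed");
        require(lender.flashLoan(this, token, amount, ""), "GuardedBorrower: loan failed");
    }

    function onFlashLoan(address initiator, address, uint256, uint256, bytes calldata)
        external override returns (bytes32)
    {
        // Reject callbacks from any contract other than the trusted lender.
        require(msg.sender == address(lender), "GuardedBorrower: untrusted lender");
        // Reject loans that this contract did not start itself.
        require(initiator == address(this), "GuardedBorrower: untrusted initiator");
        // Use of the borrowed funds would go here.
        return CALLBACK_SUCCESS;
    }
}
```

With these checks and no standing allowance, a `flashLoan` call that names this contract as `receiver` but was started by someone else reverts in the callback, before the lender's `transferFrom` runs.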