feat: fl aave v3 carry debt #584

Open
rajko-z wants to merge 6 commits into main from feat/fl-aave-v3-carry-debt

@rajko-z rajko-z commented May 22, 2026

Collaborator

Summary

Move from deprecated folder and refactor it

Running tests:
npx hardhat test ./test/actions/flashloan/aavev3-carry-debt.js --network hardhat

Type of change

  • New Feature - A change that adds functionality.
  • Bugfix - A change that resolves an issue.
  • Tweak - A change that modifies existing features.
  • Refactor - Code improvements without changing behavior.
  • Performance - Optimizations for gas or execution efficiency.
  • Documentation - Updates to docs, comments, or NatSpec.
  • Tests - Adding or updating test coverage.
  • Chore - Maintenance, dependencies, CI/CD, deployments or tooling updates.

Checks

For New Contracts

  • Does the new contract have tests?
  • Does the contract contain all the NatSpec needed (@title, @notice, @param, etc.)?
  • Is the contract deployed and the address added to the JSON file?
  • If the contract is registered, is the waitPeriod set correctly?
  • Is the contract verified and added to the Tenderly dashboard?
  • Is documentation written for the corresponding DFS action and added to GitBook?

@rajko-z rajko-z self-assigned this May 22, 2026
@octane-security-app

Summary by Octane

New Contracts

  • FLAaveV3CarryDebt.sol: The FLAaveV3CarryDebt contract utilizes Aave V3 flash loans to generate debt for a user without returning funds, leveraging credit delegation.

Updated Contracts

  • FLAction.sol: The key change was adding @dev annotations for improved documentation clarity.

🔗 Commit Hash: bf6021e

@octane-security-app

Overview

Vulnerabilities found: 3
Severity breakdown: 1 High, 2 Low
Warnings found: 2

Detailed findings

contracts/actions/flashloan/FLAaveV3CarryDebt.sol

  • Incomplete post-flashloan credit delegation check in FLAaveV3CarryDebt causes attacker to open Aave V3 debt on victim and receive borrowed funds.
  • Single-value FL return and variable-only delegation post-check in FLAaveV3CarryDebt cause multi-asset dynamic carry-debt reverts and incorrect allowance enforcement.
  • Missing repayment accounting and guardrails in FLAaveV3CarryDebt causes user funds to be stranded on action contract while debt is opened.

Warnings

contracts/actions/flashloan/FLAaveV3CarryDebt.sol

  • Missing on-chain mode enforcement and repayment handling in FLAaveV3CarryDebt causes deterministic reverts on mode-0/1 use.
  • Deferred debt minting during Aave V3 flash-loan callback in FLAaveV3CarryDebt causes unsound or unusable in-recipe Aave V3 checks.

🔗 Commit Hash: bf6021e
🛡️ Octane Dashboard: All vulnerabilities

@rajko-z rajko-z requested review from majkic99 and milosdjurica May 26, 2026 10:35
Comment thread contracts/actions/flashloan/FLAaveV3CarryDebt.sol Outdated
Comment thread contracts/actions/flashloan/FLAaveV3CarryDebt.sol
majkic99 previously approved these changes May 27, 2026

@majkic99 majkic99 left a comment

Contributor

small changes needed, but all in all lgtm

Comment thread contracts/actions/flashloan/FLAaveV3CarryDebt.sol