Assessment reports>Hyperliquid>Threat Models>deposit

Function: deposit(uint64 usdc)

This function can be used to deposit USDC into the bridge.

Inputs

  • usdc

    • Control: Arbitrary.

    • Constraints: None (apart from the caller having sufficient balance).

    • Impact: Amount to be deposited.

Branches and code coverage (including function calls)

Intended branches

  • Deposits USDC into the contract and emits a corresponding event.

Negative behavior

  • Reverts if user balance is insufficient or USDC transfer fails.

Function call analysis

  • rootFunction -> usdcToken.transferFrom(user, address(this), usdc)

    • What is controllable? usdc.

    • If return value controllable, how is it used and how can it go wrong? Not controlled nor used.

    • What happens if it reverts, reenters, or does other unusual control flow? Reverts bubble up; reentrancy is not possible (USDC makes no external calls).

Zellic © 2025Back to top ↑