Function: deposit(uint256 assets, address receiver)

This function is the primary entry point for users to supply USDC during the deposit window. It mints non-KYC shares 1:1 and increments the non-KYC accounting pool so users can later opt into KYC or redeeming without approval.

Inputs

• assets

  • Control: N/A.

  • Constraints: Must be nonzero and within the remaining cap (maxDeposit).

  • Impact: Increases sharesNonKyc, mints the same number of shares, and transfers USDC from the caller.

• receiver

  • Control: N/A.

  • Constraints: Must be nonzero.

  • Impact: The receiver gains newly minted non-KYC shares.

Branches and code coverage

Intended branches

• Shares are minted 1:1 with the deposited USDC, and sharesNonKyc is incremented by the deposited amount.

  Test coverage

• Cap enforcement via maxDeposit ensures deposits cannot exceed the configured limit.

  Test coverage

Negative behavior

• Calls outside Deposit phase and window revert.

  Negative test

Function call analysis

• SafeERC20.safeTransferFrom(HourglassStableVaultKYC.USDC, msg.sender, address(this), assets)

  • What is controllable? The caller controls the number of USDC to deposit (assets) and the receiver (receiver).

  • If the return value is controllable, how is it used and how can it go wrong? N/A.

  • What happens if it reverts, reenters or does other unusual control flow? N/A.