User Lifecycle

1. Open account

• AccountManager.openAccount(owner) -> accountId

• initialize owner permissions

2. Deposit collateral

Flow:

1. user approves adapter

2. AccountManager.deposit(accountId, profileId, amount)

3. adapter pulls token into custody

4. adapter notifies Ledger: lock(profileId, accountId, amount)

Requirements:

• deposits allowed even if oracle is stale (depositing reduces risk)

• collateral enabled flag must be true

3. Mint rwaUSD

Flow:

1. AccountManager.mint(accountId, profileId, amtRwaUsd, to)

2. FeeAccumulator.accrue(profileId) updates index

3. Ledger computes new principal delta corresponding to desired minted amount (or mints in principal units directly; pick one and keep consistent)

4. Ledger checks:

   • oracle status OK

   • cap not exceeded

   • post-mint safety check passes

   • min position threshold satisfied

5. Ledger:

   • increases principal

   • mints rwaUSD to to

Note on units: The cleanest approach is to mint in current-liability units (what user sees), then convert to principal internally using the current index. That prevents user confusion and keeps UI consistent.

4. Repay (burn rwaUSD)

Flow:

1. user approves rwaUSD spending

2. AccountManager.repay(accountId, profileId, amtRwaUsd, from)

3. accrue index

4. Ledger reduces liability by burning rwaUSD

5. principal decreases accordingly

6. if principal hits zero, account is debt-free for that profile

Repayments must always be allowed, even in restricted mode.

5. Withdraw collateral

Flow:

1. AccountManager.withdraw(accountId, profileId, amount, to)

2. accrue index

3. Ledger checks post-withdraw safety

4. Ledger decreases locked collateral

5. adapter transfers tokens to to

Withdrawals are risk-increasing and must be blocked when:

• oracle status not OK (policy choice: either block or require higher margin)

• system is paused

• account is under unwind