# Collateral Risk Assessment - Wrapped Origin ETH (wOETH)
![prisma_06112023_origin-protocol-wOETH.png](https://hackmd.io/_uploads/SyOOoaP7T.png)
### Useful Links
- Websites: [oeth.com](https://www.oeth.com) | [originprotocol.com](https://www.originprotocol.com)
- Documentation: [Gitbook](https://docs.oeth.com) | [Github](https://github.com/originprotocol/origin-dollar) | [Audits](https://github.com/OriginProtocol/security/tree/master/audits)
- Social: [Twitter](https://twitter.com/OriginProtocol) | [Blog](https://www.oeth.com/blog) | [Discord](https://discord.com/invite/ogn) | [Telegram](https://t.me/originprotocol)
- Contracts: [OETH token](https://etherscan.io/address/0x856c4Efb76C1D1AE02e20CEB03A2A6a08b0b8dC3), [Contracts architecture](https://docs.oeth.com/smart-contracts/registry/oeth-registry)
- Governance: [Gov hub](https://www.ousd.com/governance) | [OGV token](https://etherscan.io/token/0x9c354503c38481a7a7a51629142963f98ecc12d0) | [Timelock](https://etherscan.io/address/0x72426BA137DEC62657306b12B1E869d43FeC6eC7) | [Multisig (admin)](https://etherscan.io/address/0xbe2AB3d3d8F6a32b96414ebbd865dBD276d3d899) | [Multisig (strategist)](https://etherscan.io/address/0xF14BBdf064E3F67f51cd9BD646aE3716aD938FDC)
- Curve: [OETH/ETH Factory Pool](https://curve.fi/#/ethereum/pools/factory-v2-298/swap) | [Gauge Proposal](https://gov.curve.fi/t/proposal-to-add-eth-oeth-to-the-gauge-controller/9188)
- Dashboard: [OETH Analytics](https://www.oeth.com/analytics) | [OETH (Dune)](https://dune.com/originprotocol/oeth)
- Other: [Risk assessment (June 2023)](https://cryptorisks.substack.com/p/asset-risk-assessment-origin-ether)
# Introduction
**This report is conducted by the Prisma independent risk and research team operated by [Llama Risk](https://cryptorisks.substack.com/) as part of a series on LSD and yield-bearing ETH collateral risk assessments. In this report, we examine Origin's Wrapped Ether (wOETH).**
This report will comprehensively cover all relevant risk factors of wOETH for collateral onboarding. Our approach involves both quantitative and qualitative analysis to help determine whether the collateral can be safely onboarded and to what extent there should be restrictions on the protocol's exposure to the collateral.
As Prisma will be onboarding a variety of yield-bearing ETH tokens as collateral, our review involves comparative analysis to determine suitability as collateral. Risks are categorized into:
* **Market Risk** - risks related to market liquidity and volatility
* **Technology Risk** - risks related to smart contracts, dependencies, and Oracle price feeds
* **Counterparty Risk** - risks related to governance, centralization vectors, and legal/regulatory considerations
These risk categories will be summarized in the final section of this report and are meant to assist tokenholders in their determination around wOETH onboarding and setting suitable parameters.
# Section 1: Protocol Fundamentals
This section addresses the fundamentals of the proposed collateral. It is essential to convey (1) the value proposition of wOETH and (2) the overall architecture of Origin Protocol. This section contains descriptive elements that cannot be quantified and serves as a descriptive introduction to the collateral.
This section is divided into two sub-sections:
* 1.1: Description of the Protocol
* 1.2: System Architecture
## 1.1 Description of the Protocol
OETH is an ETH-backed, yield-generating token launched by Origin Protocol in May 2023. It seeks to maximize staking rewards for users by employing strategies involving liquid staking derivatives such as rETH, stETH, and sfrxETH, combined with an algorithmic market operations controller (AMO). OETH uses a rebasing mechanism to distribute yield by expanding the token supply and additionally has a wrapper contract (wOETH) that earns yield without rebasing. The asset mix is managed by a protocol-controlled strategist multisig, instructed by community governance via Snapshot votes. A significant portion of yield is sourced from Curve incentives (CRV and CVX rewards) on the OETH/ETH pool.
**Key metrics (as of October 3rd, 2023)**
* **TVL**: [42,944 OETH](https://etherscan.io/token/0x856c4Efb76C1D1AE02e20CEB03A2A6a08b0b8dC3)
* **Holders**: [465](https://etherscan.io/token/0x856c4Efb76C1D1AE02e20CEB03A2A6a08b0b8dC3)
* **Trailing 30-day APY**: [7.74%](https://www.oeth.com/)
### 1.1.1 Underlying Collateral
OETH is backed 1:1 by ETH deposited into the protocol and deployed into various underlying strategies. Strategies can include exposure to LSDs (e.g. sfrxETH, stETH, rETH), lending strategies (e.g. Morpho Aave WETH lending), and market making (e.g. farming the Curve OETH/ETH pool). The strategy allocation is operated by the protocol's strategist multisig and involves a [funds management](https://docs.oeth.com/core-concepts/fund-management) policy governed by tokenholders via Snapshot.
The real-time composition of OETH is displayed on the website's analytics dashboard:
![](https://hackmd.io/_uploads/BkHZuGPzp.png)
Source: [OETH Analytics](https://www.oeth.com/analytics) | Date: 10/3/2023
The largest share of assets have historically been allocated to the [Curve Automated Market Maker Operations (AMO) strategy](https://docs.oeth.com/core-concepts/supported-strategies/curve-metapools). The AMO mints OETH that it pairs with WETH deposits to supply liquidity in the OETH/ETH Curve pool. The AMO's purpose is to maintain the OETH peg; every OETH minted in this way is intended always to maintain full collateralization and must support the pool balance. Pool LP tokens are staked on Convex to earn CRV and CVX rewards.
OETH has also deployed ETH into a basket of LSD tokens, including sfrxETH, rETH, and stETH. These products have all been reviewed by Prisma Risk, linked below:
* [wstETH](https://hackmd.io/@PrismaRisk/wsteth)
* [rETH](https://hackmd.io/@PrismaRisk/rETH)
* [sfrxETH](https://hackmd.io/@PrismaRisk/sfrxETH)
Shown below is the OETH strategy allocations over time:
<iframe src='https://flo.uri.sh/visualisation/15166721/embed' title='Interactive or visual content' class='flourish-embed-iframe' frameborder='0' scrolling='no' style='width:100%;height:600px;' sandbox='allow-same-origin allow-forms allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation'></iframe>
*Note: On July 30th, a reentrancy exploit in some versions of the Vyper programming language resulted in the loss of funds from several Curve pools. For details on how Curve was affected, see the Llama Risk [postmortem](https://hackmd.io/@LlamaRisk/BJzSKHNjn). The Origin team promptly reacted by withdrawing funds from the AMO back to WETH. Funds were reallocated to the AMO shortly thereafter, once it was determined that the OETH/ETH pool was not at risk.*
Since its inception, OETH has heavily relied on its AMO strategy, which has made up over 80% of system collateral at its peak. The strategy has historically produced competitive yields by farming CRV and CVX rewards. On September 22nd, [a vote was passed](https://vote.ousd.com/#/proposal/0xc61cb21afc8df552e311685b23084f91e1fdceab198d1e161a1c9d72cbf2eecc) to shift OETH's yield sources away from relying heavily on Curve incentives. Instead, it will redeploy a significant portion of its ETH holdings into liquid staking tokens like rETH, stETH, and sfrxETH to earn native staking yields. The vote authorizes the strategist multisig to reduce AMO exposure to 25% or less of total value locked (TVL), deploying the ETH into a mix of liquid staking tokens. This is a significant change to monitor, as it will dramatically alter the underlying collateral and associated risk profile.
![](https://hackmd.io/_uploads/S1PmdzvfT.png)
Source: [OETH Snapshot page](https://vote.ousd.com/#/proposal/0xc61cb21afc8df552e311685b23084f91e1fdceab198d1e161a1c9d72cbf2eecc)
### 1.1.2 Yield Accrual Mechanism
OETH yield is distributed to token holders through a rebasing mechanism. This mechanism modifies the total money supply to reflect the yield earned by the protocol, maintaining OETH's value at 1 ETH. The rebasing is "up-only". In case of losses due to strategies reallocation (trading fees and slippage), rebasing stops until the yield catches up to pay off the debt. Other lossy events (e.g., a strategy suffering from a hack or slashing event on an LSD) would impact OETH's price on main liquidity venues.
Protocol earnings are directed to a [Dripper contract](https://etherscan.io/address/0xc0F42F73b8f01849a2DD99753524d4ba14317EB3) in the form of WETH. The Dripper regulates the yield distribution over a specified time window to prevent frontrunning large liquidity events. The [dripDuration](https://etherscan.io/address/0xc0F42F73b8f01849a2DD99753524d4ba14317EB3#readProxyContract#F3) is set to 3 days and yield is collected daily by a keeper bot.
Smart contracts are required, as described in the [docs](https://docs.oeth.com/core-concepts/elastic-supply/rebasing-and-smart-contracts), to proactively opt into the protocol via the `rebaseOptIn()` function. This enables optimized capital use by the protocol and improves composability with DeFi protocols not originally designed to handle changing balances. Therefore, OETH operates as a conventional ERC-20 token within other DeFi protocols until an explicit request for change is made. Standard EOA wallets, on the other hand, are automatically enrolled in the system, circumventing the need for an explicit opt-in. Note that the OETH managed by the Curve AMO does not accrue OETH yield and the [wOETH contract](https://etherscan.io/address/0xDcEe70654261AF21C44c093C300eD3Bb97b78192) is opted in to accrue OETH yield.
To verify whether a specific address is configured to receive yield, a public function on the OETH contract can be invoked. This function returns an indicator showing if the address has opted in or out, irrespective of the type of wallet to which the address pertains.
![](https://hackmd.io/_uploads/B1hEOfwM6.png)
Source: [OETH docs](https://docs.oeth.com/core-concepts/elastic-supply/rebasing-and-smart-contracts)
<!--
[A proposal](https://gov.curve.fi/t/proposal-to-add-frxeth-oeth-to-the-gauge-controller/9636) was also [passed](https://dao.curve.fi/vote/ownership/441) to add a gauge for a new frxETH/OETH incentive pool. This will transition some ETH/OETH liquidity to the frxETH pool to capitalize on these added incentives. If approved, OETH will earn additional yield through CRV emissions from the paired frxETH pool.
-->
### 1.1.3 Provider Fee
Origin collects a 20% performance fee on each rebase. 100% of the performance fee has, until now, been used to purchase flywheel tokens (CVX) which it uses to vote for gauge emissions to its Curve pool.
![](https://hackmd.io/_uploads/SJ2H_GwMT.png)
Source: [Token Terminal](https://tokenterminal.com/terminal/projects/originprotocol) | Date: 10/13/23
A [vote](https://vote.ousd.com/#/proposal/0x66a9e0040db9a6f993a43edfb6058d7a8eee355fdf866878ab9e990be38672f6) is in progress at time of writing to divide some portion of the fees between OGV buybacks (to distribute to veOGV stakers) and buying more flywheel tokens (CVX).
A 0.5% exit fee is also charged when OETH is redeemed directly from the Vault. This fee is returned to the OETH ecosystem to benefit the remaining token holders. There are no fees for transacting OETH on secondary markets like Curve and Uniswap. The 0.5% exit fee only applies to redemptions made directly through the Origin dapp.
### 1.1.4 Node Operator Set
Not applicable, as OETH is a basket of liquid staking derivatives.
### 1.1.5 Validator Selection
Not applicable, as OETH is a basket of liquid staking derivatives.
### 1.1.6 Validator Collateralization
Not applicable, as OETH is a basket of liquid staking derivatives.
### 1.1.7 Governance Model
Initially, OETH was controlled by two protocol-controlled multisig wallets
- a [5-of-8 admin multisig](https://etherscan.io/address/0xbe2AB3d3d8F6a32b96414ebbd865dBD276d3d899) and
- a [2-of-9 strategist multisig](https://etherscan.io/address/0xF14BBdf064E3F67f51cd9BD646aE3716aD938FDC).
However, in July 2023, ownership of the OETH contracts was transferred from the Origin Protocol multisig to the Origin DAO governed by veOGV token holders. This governance upgrade followed extensive auditing and over six weeks of battle-testing. It aligns with Origin's goal to decentralize the OETH product progressively. This decentralized on-chain governance model allows OGV token stakers to govern OETH operations and parameters through voting proposals.
OGV stakers control the OETH Governor contract and OETH Vault proxy contract. Any contract upgrades are subject to a 48-hour timelock period before execution. Collateral allocations between stETH, rETH, and frxETH take place via Snapshot votes, while most other proposals use on-chain voting. Under the new structure, OGV stakers can govern mechanics like:
* Addition of new liquid staking tokens (LSTs)
* Integration of new yield strategies
* Changes to protocol fees
* Upgrades to contracts
* Allocation of OETH yield to OGV stakers
The strategist 2-of-9 multisig continues to manage frequent operations like rebalancing assets in DAO-approved strategies, including to withdraw from all strategies, and pausing deposits/withdrawals. This provides the protocol flexibility to swiftly respond to market conditions without requiring an on-chain governance vote. The strategist role can be reassigned, subject to a governance vote and 48h timelock.
<!--
Origin has recently [proposed adding a Gauge controller to Curve for a frxETH/OETH](https://gov.curve.fi/t/proposal-to-add-frxeth-oeth-to-the-gauge-controller/9636) incentive pool. The goal is to increase liquidity and volume for OETH and frxETH by rewarding LPs with CRV emissions. This shows Origin's continued involvement with Curve governance and incentives to maximize yields for OETH holders.
-->
**Origin Team**
The core team at Origin Protocol comprises experienced professionals with backgrounds in various industries and companies, including Coinbase, YouTube, Google, Paypal, Dropbox, and Pinterest. The founders and several team members are serial entrepreneurs who have founded and exited successful ventures.
Here are brief profiles of the core team members:
* **Josh Fraser**: Co-founder, co-founded three other venture-backed companies: EventVue, Torbit (acquired by Walmart Labs), and Forage.
* **Matthew Liu**: Co-founder, was the 3rd Product Manager at YouTube (acquired by Google) and VP PM at Qwiki (acquired by Yahoo) and Bonobos (acquired by Walmart).
* **Franck Chastagnol**: Head of Engineering - has led engineering teams at Inktomi, Paypal, YouTube, Google, and Dropbox.
* **Micah Alcorn**: Director of Product, was the technical co-founder of WellAttended, a bootstrapped box office management platform.
* **Andra Nicolau**: Head of BD, OUSD. She was most recently the Head of Growth at 1inch, where she raised over $250M.
* **Justin Charlton**: Head of Finance, Designed budgets for satellite launches and advised tech clients on M&A and strategy for seven years at PwC and KPMG.
Source: [https://www.originprotocol.com/community](https://www.originprotocol.com/community)
## 1.2 System Architecture Diagram
### 1.2.1 Network Architecture Overview
The OETH system architecture centers around the [OETH Vault](https://etherscan.io/address/0x39254033945AA2E4809Cc2977E7087BEE48bd7Ab), which custodies user deposits and mints OETH tokens against collateral. The Vault interacts with various yield-generating strategies where funds are deployed, and a network of smart contracts works in unison to optimize yields, distribute interest to users, maintain price stability, and provide market liquidity. Authorized strategists oversee strategy management according to parameters set by governance.
Users can mint OETH from any of the underlying protocol assets (ETH, WETH, frxETH, sfrxETH, rETH, stETH), which in the case of ETH and sfrxETH is assisted by the [Zapper contract](https://etherscan.io/address/0x9858e47BCbBe6fBAC040519B02d7cd4B2C470C66) to process the deposit. [Oracle pricefeeds](https://docs.oeth.com/core-concepts/price-oracles) are referenced against the internal exchange rate of the deposit token to ensure the amount of OETH minted to the user is within an acceptable range.
Once in the vault, anyone can permissionlessly allocate any available WETH to predefined strategies, which includes staking in LSD protocols, depositing into the Curve AMO, and depositing into the Morpho Aave strategy. Likewise, anyone can [harvest](https://etherscan.io/address/0x0D017aFA83EAce9F10A8EC5B6E13941664A6785C) rewards from the AMO, which are swapped to ETH and sent to the [Dripper contract](https://etherscan.io/address/0xc0F42F73b8f01849a2DD99753524d4ba14317EB3). The Dripper gradually distributes yield over a week to prevent attackers from front-running large liquidity events.
OETH can be wrapped by depositing into the [wOETH contract](https://etherscan.io/address/0xDcEe70654261AF21C44c093C300eD3Bb97b78192). As OETH in the contract earns yield, the wOETH:OETH exchange rate increases, allowing the user to withdraw more OETH than they deposited at some later date.
Users can redeem OETH at any time for a 0.5% withdrawal fee. If there are tokens available in the vault, they can be redeemed directly. Otherwise, the protocol will withdraw from the strategies to process the redemption request. Similar to mint requests, oracle pricefeeds are referenced against the internal exchange rate of the requested LSD to process the request within acceptable price bounds. Users cannot specify a desired withdrawal token; they will receive a pro rata share of all underlying LSD tokens.
### 1.2.2 Architecture Diagram
An overview of the OETH contracts:
![](https://hackmd.io/_uploads/rJ2d_zvfp.png)
Source: [Contract Registry and Dependencies Chart](https://docs.oeth.com/smart-contracts/registry/oeth-registry)
The following diagram shows the overall value flow within the OETH system, from processing user deposits, to vault allocations and harvesting, to redemptions. See the [Origin Github](https://github.com/OriginProtocol/origin-dollar/tree/master/contracts/docs/plantuml) for a further breakdown of each category within the value flow.
![](https://hackmd.io/_uploads/SJyq_GvG6.png)
Source: [Origin Github](https://github.com/OriginProtocol/origin-dollar/blob/master/contracts/docs/plantuml/oethValueFlows.png)
<!--
![](https://hackmd.io/_uploads/SyCEGN7ep.png)
Source: [Origin GitHub](https://github.com/OriginProtocol/origin-dollar/blob/master/contracts/docs/plantuml/oethValueFlows-allocate.png)
-->
### 1.2.3 Key Components
* **OETH Vault** - Main contract holding assets and interacting with strategies. Mints/burns OETH and handles yield distribution.
* **Strategies** - DAO-approved contracts where collateral is deployed.
* **AMO** - Convex ETH MetaStrategy provides liquidity to the Curve pool. Manages OETH supply to balance the pool and maintain the peg.
* **Oracles** - Including Chainlink price feeds ensures proper valuation of assets. (frxETH does not have a Chainlink price feed and instead relies on a custom on-chain oracle by Frax.)
* **OETH Zapper** - Helper contract for minting OETH from ETH/sfrxETH. Optimizes gas costs.
* **Harvester** - Collects rewards from strategies and sells them for the highest yield asset.
* **Dripper** - Gradually allocates yield over three days to smooth distribution.
#### The OETH Vault
The [OETH Vault](https://etherscan.io/address/0x39254033945aa2e4809cc2977e7087bee48bd7ab) mints and burns OETH from WETH, frxETH, rETH, and stETH. The supported assets can be queried in [`getAllAssets`](https://etherscan.io/address/0x39254033945aa2e4809cc2977e7087bee48bd7ab#readProxyContract#F6). The Vault is also a core system contract that custodies the deposited funds and stores various strategies ([`getAllStrategies`](https://etherscan.io/address/0x39254033945aa2e4809cc2977e7087bee48bd7ab#readProxyContract#F7)) where the underlying assets are deployed to earn a yield. It calculates interest earned from the strategies and executes rebases of the OETH supply.
OETH redemptions from the Vault will return an equal value of every supported asset to the user (WETH, frxETH, rETH, stETH). An exit fee of 0.5% is charged on direct redemptions from the Vault and is returned to OETH holders. An additional performance fee is assigned to a [trusteeAddress](https://etherscan.io/address/0x39254033945AA2E4809Cc2977E7087BEE48bd7Ab#readProxyContract#F26), which receives a 20% fee on yield earned. This limits the potential arbitrage from oracle frontrunning. The trusteeAddress is currently set to the Origin [2-of-9 strategist multi-sig](https://etherscan.io/address/0xF14BBdf064E3F67f51cd9BD646aE3716aD938FDC).
#### The Strategies
There are different strategies attached to the OETH Vault; they can be queried via the [`getAllStrategies`](https://etherscan.io/address/0x39254033945AA2E4809Cc2977E7087BEE48bd7Ab#readProxyContract#F7) function. Depending on allocation, these can materially alter OETH's risk profile. At the time of writing, the strategies are:
- **[ConvexEthMetaStrategy](https://etherscan.io/address/0x1827F9eA98E0bf96550b2FC20F7233277FcD7E63)**: Supplies liquidity to the ETH-OETH Curve pool. The LP token is deposited into the Gauge and then staked on Convex, enabling Origin to collect trading fees and protocol token rewards (CRV and CVX). This AMO strategy allows OETH to safely boost its deposits to enhance returns and sustain the pool's balance.
- **[FraxETHStrategy](https://etherscan.io/address/0x3fF8654D633D4Ea0faE24c52Aec73B4A20D0d0e5)**: an ERC-4626 Tokenized Vault strategy for staking frxETH.
- **[OETHMorphoAaveStrategy](https://etherscan.io/address/0xc1fc9E5eC3058921eA5025D703CBE31764756319)** (idle): Morpho augments platforms like Compound and Aave by integrating a peer-to-peer layer that optimizes the pairing of lenders and borrowers, thus offering superior interest rates. If no appropriate pairings exist, the funds are directed straight to the base protocol.
- **[OETHBalancerMetaPoolwstEthStrategy](https://etherscan.io/address/0x49109629aC1deB03F2e9b2fe2aC4a623E0e7dfDC)** (newly added): Added following a [recent snapshot vote](https://vote.ousd.com/#/proposal/0x2ab3fd8727a268e3c0d14d9efa0ea19a2b6916415a47e7f816a5c328474342a9), this strategy allocates idle rETH holdings along with matching WETH into a Balancer pool, staking the LP tokens with Aura to generate additional yield from trading fees and rewards in these ecosystems.
Another [vote](https://vote.ousd.com/#/proposal/0x2a0439298a7088752030f8cd7d9bd30571f36301d7fe93245ce6e03d7f8305be) passed on September 29th to deploy liquidity to Curve's frxETH/WETH pool and stake the LP tokens on Convex to generate additional yield. Adding this strategy will help diversify OETH's yield sources beyond the current reliance on the Convex AMO and provide exposure to Curve's frxETH/WETH pool rewards.
#### AMO
Origin employs an Automated Market Operations (AMO) design [initially pioneered by Frax](https://docs.frax.finance/amo/overview). The AMO is implemented as the [ConvexEthMetaStrategy](https://etherscan.io/address/0x1827F9eA98E0bf96550b2FC20F7233277FcD7E63) strategy. The AMO operates by depositing funds into the Curve pool and allocating liquidity to both sides of the pool (ETH and OETH). Its primary function is maintaining the peg, enhancing capital efficiency, and optimizing yields for OETH holders.
The LP tokens are staked into the [Curve Gauge](https://etherscan.io/address/0xd03be91b1932715709e18021734fcb91bb431715) to maximize earned rewards (CRV & CVX). The resulting collateral is added to the Vault when these rewards are swapped to ETH. Conversely, the protocol can remove excess OETH from the pool to preserve price stability. Ultimately, the AMO can independently institute monetary policies within a closed system, provided it does not negatively impact the peg.
![](https://hackmd.io/_uploads/B1NoOzwzp.png)
Source: [Origin's GitHub repo](https://github.com/OriginProtocol/origin-dollar/tree/master/contracts/docs/plantuml). Flowchart of deposit to Curve pool through AMO.
OETH tokens minted by the AMO are unique as they are not backed by collateral from the Vault. One could think of this system as the Vault pre-minting some OETH for Curve to sell on its behalf, with those tokens becoming 100% backed when they enter circulation. These tokens are self-backed and are only circulated once collateralized. Users adding or removing OETH from the Curve pool are counterbalanced by the strategy's ability to burn or mint new supply, making the action similar to a minting or redemption process. OETH token can be redeemed at any time for underlying collateral on a 1:1 basis, ensuring the protocol remains 100% collateralized.
Shown below is the AMO logic that can mint up to a 2:1 ratio of OETH to WETH supplied. This allows it to bring the pool toward a balanced state when OETH experiences an upward depeg.
![](https://hackmd.io/_uploads/HJQ3OMwMp.png)
Source: [ConvexEthMetaStrategy.sol](https://www.contractreader.io/contract/mainnet/0x5c93E05783EA4D0D968c7A2C0cDfFCEfC711b213)
#### Oracles
Origin has a [Dune dashboard](https://dune.com/originprotocol/origin-oracles) to monitor the historical behavior of its price oracles.
OETH relies on Chainlink oracles to ensure accurate pricing of all LSD tokens tokens (except frxETH) during deposit and withdrawal. The contract call sets a minimum required amount for minting. The price feed is referenced against the LSD internal exchange rate as a sanity check to ensure the feed is within acceptable bounds. The transaction will revert if the reported oracle price of the collateral used to mint is less than 0.998 ETH, adjusted for the exchange rate.
Frax's [frxETH/ETH Oracle](https://etherscan.io/address/0xC58F3385FBc1C8AD2c0C9a061D7c13b141D7A5Df) is used for frxETH pricing as there is no Chainlink Oracle for the frxETH/ETH pair. This source prices from Curve's frxETH/ETH pool EMA oracle and Uniswap's frxETH/FRAX pool TWAP oracle. Chainlink FRAX/USD and ETH/USD Oracles are then used to convert frxETH/FRAX back to a frxETH/ETH price.
The protocol also uses Chainlink oracles when selling reward tokens for additional yield. This helps ensure the sale price slippage remains within acceptable limits, which is also applied to OGV buybacks from protocol earnings.
The [OETH Oracle Router](https://etherscan.io/address/0xbE19cC5654e30dAF04AD3B5E06213D70F4e882eE#readContract#F1) can be queried via the `price` function.
**Oracles addresses**:
* stETH/ETH: [0x86392dc19c0b719886221c78ab11eb8cf5c52812](https://etherscan.io/address/0x86392dc19c0b719886221c78ab11eb8cf5c52812)
* rETH/ETH: [0x536218f9e9eb48863970252233c8f271f554c2d0](https://etherscan.io/address/0x536218f9e9eb48863970252233c8f271f554c2d0)
* CRV/ETH: [0x8a12be339b0cd1829b91adc01977caa5e9ac121e](https://etherscan.io/address/0x8a12be339b0cd1829b91adc01977caa5e9ac121e)
* CVX/ETH: [0xC9CbF687f43176B302F03f5e58470b77D07c61c6](https://etherscan.io/address/0xC9CbF687f43176B302F03f5e58470b77D07c61c6)
* frxETH/ETH: [0xc58f3385fbc1c8ad2c0c9a061d7c13b141d7a5df](https://etherscan.io/address/0xc58f3385fbc1c8ad2c0c9a061d7c13b141d7a5df)
* FRAX/USD: [0xb9e1e3a9feff48998e45fa90847ed4d467e8bcfd](https://etherscan.io/address/0xb9e1e3a9feff48998e45fa90847ed4d467e8bcfd)
* ETH/USD: [0x5f4ec3df9cbd43714fe2740f5e3616155c5b8419](https://etherscan.io/address/0x5f4ec3df9cbd43714fe2740f5e3616155c5b8419)
#### The Zapper
The [OETH Zapper](https://etherscan.io/address/0x9858e47BCbBe6fBAC040519B02d7cd4B2C470C66) is a smart contract designed to assist users in minting OETH using Ether (ETH) and Frax Staked Ether (sfrxETH), as the [OETH Vault](https://etherscan.io/address/0x39254033945aa2e4809cc2977e7087bee48bd7ab) only supports WETH, frxETH, rETH, and stETH directly. This setup enhances system security and optimizes the gas cost during minting.
The Zapper allows for minting OETH in a single transaction, automatically routing ETH/sfrxETH into the Vault, and sending newly minted OETH to the depositor. It is not possible to withdraw from the Zapper, but users can redeem their OETH through the OETH Vault for a combination of WETH, rETH, stETH, and frxETH or by simply selling OETH for ETH in the Curve pool.
#### The Harvester and Dripper
The [OETHHarvester](https://etherscan.io/address/0x0D017aFA83EAce9F10A8EC5B6E13941664A6785C) collects rewards earned by the strategies, sells them for WETH, and forwards the proceeds to the [rewardsProceedsAddress](https://etherscan.io/address/0x0D017aFA83EAce9F10A8EC5B6E13941664A6785C#readProxyContract#F3). This address is set to the [dripper](https://etherscan.io/address/0xc0F42F73b8f01849a2DD99753524d4ba14317EB3) contract, which is designed to gradually allocate all of the yield produced by the protocol to OETH holders over three days (as queried in [dripDuration](https://etherscan.io/address/0xc0F42F73b8f01849a2DD99753524d4ba14317EB3#readProxyContract#F3)). This method evens out any abrupt fluctuations in yield. It deters potential attacks by eliminating the protocol's ability to anticipate significant liquidity events. Anyone can call [harvest](https://etherscan.io/address/0x0D017aFA83EAce9F10A8EC5B6E13941664A6785C#writeProxyContract#F3) and earn 2% of the proceeds as an incentivization.
![](https://hackmd.io/_uploads/BJ1Adzvza.png)
Source: [OETH.com](https://www.oeth.com/analytics/dripper)
#### Wrapped OETH
Origin also offers wOETH, an [ERC-4626](https://ethereum.org/en/developers/docs/standards/tokens/erc-4626/) compliant wrapped version of OETH, which appreciates while maintaining a fixed quantity. This feature makes wOETH compatible with other contracts and may provide tax advantages in certain regions instead of rebasing. Since the user already owns the wrapped version, unwrapping wOETH to OETH involves no approvals or constraints such as minimum term or lock-in period. Despite the static quantity of wOETH tokens, the equivalent OETH that can be unwrapped from wOETH progressively increases. The redeem function allows for the specification of the number of wrapped tokens to be unwrapped, with Etherscan's withdraw function as an alternative for specifying the amount of OETH to be retrieved.
wOETH remains a marginal token with very few holders:
![](https://hackmd.io/_uploads/SyTRuzwz6.png)
Source: [Etherscan](https://etherscan.io/token/0xDcEe70654261AF21C44c093C300eD3Bb97b78192) | Date: 10/3/2023
#### The OETH Dapp
OETH can be minted through the [Origin Dapp](https://app.oeth.com/) by supplying ETH, WETH, stETH, rETH, frxETH, or sfrxETH. The Dapp integrates several contracts (Curve pool, OETH vault, and OETH zapper) to find the optimal route, factoring in slippage and gas expenses. If OETH trades below peg, the router acquires OETH already in circulation (from the Curve pool or through Uniswap) rather than minting new OETH tokens from the Vault. OETH can be converted back to its composite or individual assets via the Dapp.
# Section 2: Performance Analysis
This section evaluates wOETH from a quantitative perspective. It analyzes token usage and competitive metrics and accounts for subsidized economic activity.
This section is divided into three sub-sections:
* 2.1: Usage Metrics
* 2.2: Competitive Analysis Metrics
* 2.3: Subsidization of Economic Activity
## 2.1 Usage Metrics
### 2.1.1 Total Value Locked (TVL)
OETH has ~42,944 ETH in TVL worth ~$71 million (as of October 3rd, 2023). While there was rapid growth in adoption in the first two months after launch, the TVL has flattened in recent months following a brief dip due to the Curve hack.
<iframe width="640px" height="360px" src="https://defillama.com/chart/protocol/origin-ether?denomination=ETH&theme=dark" title="DefiLlama" frameborder="0"></iframe>
Source: [DefiLlama](https://defillama.com/protocol/origin-ether?denomination=ETH)
Since late September, OETH has experienced a drawdown in OETH supply. As can be seen below, this is attributable to a reduction in POL which had been allocated to the Curve AMO. ETH TVL in the system has remained fairly stable in an overall uptrend.
![](https://hackmd.io/_uploads/rkGxFMvGT.png)
Source: [OETH Analytics](https://www.oeth.com/analytics) | Date: 10/18/2023
### 2.1.2 Transaction Volume
The transaction volume includes all on-chain operations, including mint, burn and all other methods. The average OETH transaction volume from July 1st to September 20th is $3,753,089. However, considering the impact of the Curve exploits, three specific days had significantly higher volumes (July 30th, August 1st, and August 3rd). The combined transaction volume for those three days is $175,332,550, constituting approximately 51.9% of the total transaction volume for the entire 90 days ($337,778,028).
![](https://hackmd.io/_uploads/rJmZtGPfp.png)
Source: [Etherscan](https://etherscan.io/exportData?type=tokentxns) and [CoinGecko](https://www.coingecko.com/en/coins/origin-ether/historical_data?start=2023-07-01&end=2023-09-30#panel) | Date: 7/1/2023 - 9/20/2023
The transaction count includes all on-chain token transfers. The average daily tx count over the 90 day window was 26.67/day with a minimum of 2 and maximum of 124.
![](https://hackmd.io/_uploads/HyxftGvfT.png)
Source: [Etherscan](https://etherscan.io/exportData?type=tokentxns) and [CoinGecko](https://www.coingecko.com/en/coins/origin-ether/historical_data?start=2023-07-01&end=2023-09-30#panel) | Date: 7/1/2023 - 9/20/2023
### 2.1.3 DEX Volume
A very low trading volume is anticipated when considering the characteristics of OETH compared to its backing assets (ETH and ETH derivatives) and its yield generation (over 7%). Over the 90 days, the OETH on-chain trading volume exhibited occasional daily spikes.
OETH experienced consistently higher volumes in early June that has since dropped off, punctuated by brief spikes. The majority of trade volume has historically taken place in the Curve OETH/ETH pool where the majority of OETH liquidity resides.
![](https://hackmd.io/_uploads/SklmYfDMa.png)
Source: [Dex Guru](https://dex.guru/history/token/eth/0x856c4efb76c1d1ae02e20ceb03a2a6a08b0b8dc3) | Date: 3/27/2023 - 8/26/2023
### 2.1.4 Average Transaction Size
The average transaction size for the observed 90-day period (July 1st to September 28th, 2023) is 74.827 OETH, and "all-time" metrics for OETH transfers can be seen in the image below:
![](https://hackmd.io/_uploads/HyhmKMDG6.png)
Source: [Bitquery Explorer](https://explorer.bitquery.io/ethereum/token/0x856c4efb76c1d1ae02e20ceb03a2a6a08b0b8dc3)
### 2.1.5 Trading Volume to Market Capitalization Ratio
The daily trading volume to market cap ratio shows sustained trading activity during a one month period from July to August. It has since experienced brief spikes, which is likely related to AMO activities.
![](https://hackmd.io/_uploads/S19NFMwf6.png)
Source: [CoinGecko](https://www.coingecko.com/en/coins/origin-ether/historical_data#panel) - 30th June to 26th September, 2023
<!--
### 2.1.6 LSD Token Velocity
![](https://hackmd.io/_uploads/BJtR1yAea.png)
Source: Etherscan and [CoinGecko](https://www.coingecko.com/en/coins/origin-ether/historical_data#panel)
-->
### 2.1.6 Active Addresses/Users
According to the Token Terminal methodology, an active user is an address that has interacted with at least one of the six Origin protocol smart contracts: OGV, OUSD, OETH, OUSD Vault, OETH Vault, and OUSD Flipper.
Over the past 90 days, the Origin protocol recorded 130 active users, averaging 1.44 active users daily. From July 1st to September 28th, there were 15 days when the protocol had no active users. The peak activity occurred on July 30th, with eight active addresses interacting with business-relevant protocol contracts.
![](https://hackmd.io/_uploads/By58tzDGp.png)
Source: [Token Terminal](https://tokenterminal.com/terminal/projects/originprotocol)
<!--
According to Etherscan data, unique daily transfer events for OETH and wOETH are as follows:
![](https://hackmd.io/_uploads/H1IzDRjl6.png)
Source: [Etherscan](https://etherscan.io/token/0x856c4Efb76C1D1AE02e20CEB03A2A6a08b0b8dC3#tokenAnalytics)
| | OETH | wOETH | Total |
| --- | --- | --- | --- |
| Average | 19.56 | 1.46 | 21 |
| Min | 4 | 0 | 6 |
| Max | 37 | 5 | 42 |
-->
### 2.1.7 User Growth
The number of OETH holder addresses increased by 3.72% last week and by 13.76% in the last 30 days.
![](https://hackmd.io/_uploads/S1dDKfwGa.png)
Source: [Dune Analytics](https://dune.com/queries/3081369) - 4 October, 2023
### 2.1.8 DeFi Integrations
OETH has relatively few DeFi integrations at this time, with a significant proportion of the total supply in the Curve OETH/ETH pool. 69.2% of the supply (labeled "other" below) is held in EOA addresses, multisig wallets, or MEV bot contracts.
![](https://hackmd.io/_uploads/rk8OFMvf6.png)
Source: [Etherscan](https://etherscan.io/token/0x856c4Efb76C1D1AE02e20CEB03A2A6a08b0b8dC3#balances) | Date: 10/16/2023
[Curve OETH/ETH pool](https://curve.fi/#/ethereum/pools/factory-v2-298/deposit): The primary DEX that contains protocol owned liquidity via the AMO.
[Pendle SY-OETH](https://app.pendle.finance/earn/fixed-yield/0x0a26e7ab5c554232314a8d459eff0ede72333f08/markets/0x62187066fd9c24559ffb54b0495a304ade26d50b/deposit?chain=ethereum): A yield futures platform that allows users to earn a fixed yield on their OETH and speculate on future yields.
[VaultCraft OETH](https://app.pop.network/vaults): A yieldfarming protocol that accepts OETH deposits.
[Curve frxETH/OETH pool](https://curve.fi/#/ethereum/pools/factory-v2-353/deposit): A strategy was recently approved by [Snapshot vote](https://vote.ousd.com/#/proposal/0x2a0439298a7088752030f8cd7d9bd30571f36301d7fe93245ce6e03d7f8305be) for this additional Curve pool paired with Frax frxETH.
## 2.2 Competitive Analysis Metrics
### 2.2.1 Market Share
The Origin ETH (OETH) token cannot be categorized as an ETH LSD token because OETH is backed with less than 50% of that asset type, primarily consisting of WETH allocated to the Curve AMO. This is in the process of changing, with Origin aiming to reduce AMO reliance to 25% or less of overall TVL. The approach taken in creating yield strategies is entirely different from the yields earned by issuers of ETH LSD tokens. Hence, they are not considered direct competitors.
DefiLlama categorizes OETH as a yield aggregator with primary competitors being Yearn and Beefy. Within this application category, OETH is the third largest platform by TVL. The closest direct competitor to OETH is perhaps Yearn's yETH, just launched in September 2023.
![](https://hackmd.io/_uploads/BkhYFfPfT.png)
Source: [DefiLlama](https://defillama.com/protocols/yield%20aggregator) | Date: 10/16/2023
### 2.2.2 Trading Volume Share in Total LSD Trading Volume
Not applicable, as OETH is a basket of liquid staking derivatives.
### 2.2.3 Protocol Staking Yield
OETH has historically offered highly competitive yields, although yields have been falling since inception. The higher yields are attributable to CRV and CVX rewards harvesting in the Curve pool, which is the primary strategy utilized by OETH.
<iframe src="https://dune.com/embeds/2432254/3996615" style="border:1px #ffffff none;" name="OETH Volume" scrolling="no" frameborder="1" marginheight="0px" marginwidth="0px" height="360px" width="800px" allowfullscreen></iframe>
Compared to the styETH ETH Staking Index, a benchmark for ETH staking yields, OETH cosistently outperforms. It likewise outperforms an competitor product by Yearn, yETH.
![](https://hackmd.io/_uploads/SyeoFfPza.png)
Source: DefiLlama and [Compass FinTech](https://www.compassft.com/indice/styeth/)
Compared to key LSD protocols, OETH has consistently outperformed in terms of yield.
![](https://hackmd.io/_uploads/HysoYzwfp.png)
Source: [DeFiLlama](https://defillama.com/yields/pool/423681e3-4787-40ce-ae43-e9f67c5269b3) | Date: 1/16/2023 - 10/16/2023
### 2.2.4 Slashing Rate
OETH holders are exposed to the underlying strategies and LSD tokens (e.g., slashing) deployed within the system. Given the intricate and evolving nature of these strategies and LSDs, understanding and quantifying the potential risk factors can be complex. Users must closely monitor the underlying assets and remain vigilant to system strategy changes. While the system is designed with robustness and security in mind, the complexity of its elements underscores the importance of cautious engagement and a thorough understanding of its operational mechanics.
## 2.3 Subsidization of Economic Activity
### 2.3.1 Existence of an Incentive Program
OGV is the governance and value accrual token for the Origin Dollar stablecoin (OUSD) and Origin Ether (OETH). Over 180 days, the cumulative USD value distributed as incentives for OGV stakers was $288,891 (as of September 29th, 2023). OGV can be staked as veOGV to earn governance rights for both OUSD and OETH and a share of the performance fees from both OUSD and OETH.
![](https://hackmd.io/_uploads/Bk32FMPMa.png)
Source: [Token Terminal](https://tokenterminal.com/terminal/projects/originprotocol)
According to StakeDAO Votemarket analytics, Origin has been offering OGV incentives to boost emissions to the OETH/ETH pool that amount to around $30/week. In the most recent epoch, the value of incentives doubled.
![](https://hackmd.io/_uploads/Sk8atGvGp.png)
Source: [VoteMarket](https://votemarket.stakedao.org/analytics)
# Section 3: Market Risk
This section addresses the ease of liquidation based on historical market conditions. It seeks to clarify (1) the Liquid Staking Basis & Volatility of wOETH, and (2) the liquidity profile of the collateral. Market risk refers to the potential for financial losses resulting from adverse changes in market conditions.
This section is divided into 2 sub-sections:
- 3.1: Volatility Analysis
- 3.2: Liquidity Analysis
## 3.1 Volatility Analysis
### 3.1.1 Liquid Staking Basis (LSB)
OETH aims to remain pegged to the price of ETH, exposing holders to Ethereum's price movements while earning a stable yield. Since launch, OETH has maintained peg reasonably well.
The LSB (Liquid Staking Basis) represents the price difference between OETH (liquid staking token) and its underlying asset, ETH. It measures the deviation of the OETH price from the ETH price.
![](https://hackmd.io/_uploads/SyIAtGPzp.png)
Source: [CoinMarketCap data](https://coinmarketcap.com/currencies/origin-ether/#Markets) | Date: 6/30/2023 to 9/27/2023
There have been two brief depeg events: first on June 2nd to a price of .992 ETH and a deeper depeg on July 30 to .981 ETH. In early June, the peg was jeopardized by a large holder (victim of the atomic wallet hack) selling into the Curve pool. The pool balance was quickly restored. The second event was attributable to the Curve pool hacks when Origin temporarily pulled all POL from the pool.
The chart below is from Curve pool on-chain data.
![](https://hackmd.io/_uploads/SkQkcMvzT.png)
Source: [Curve OETH/ETH pool](https://curve.fi/#/ethereum/pools/factory-v2-298/deposit)
### 3.1.2 Relative Volatility
The average daily return for 90 days is 1.77%, and the calculated annual volatility is 33.84%.
![](https://hackmd.io/_uploads/SJxlcMvz6.png)
Source: [CoinGecko](https://www.coingecko.com/en/coins/origin-ether/historical_data?start=2023-07-03&end=2023-10-01#panel)
The most significant deviation in daily returns took place on July 30 when Origin temporarily pulled all POL from the Curve pool.
![](https://hackmd.io/_uploads/SJRg9zPGp.png)
Source: [CoinGecko](https://www.coingecko.com/en/coins/origin-ether/historical_data?start=2023-07-03&end=2023-10-01#panel)
### 3.1.3 Yield Volatility
Daily OETH yield oscillated substantially from May to July, shortly after launch of the product. Yields have become much less volatile in recent months.
![](https://hackmd.io/_uploads/Sy9ZqGwzT.png)
Source: [DefiLlama](https://defillama.com/yields/pool/423681e3-4787-40ce-ae43-e9f67c5269b3) from May 29th to September 28th - "all-time."
## 3.2 Liquidity Analysis
### 3.2.1 Supported DEXs and CEXs
OETH has presence almost exclusively on Curve. It has no CEX listings.
![](https://hackmd.io/_uploads/r1KzqzPGT.png)
Source: [Nansen](https://pro.nansen.ai/token-god-mode?token_address=0x856c4Efb76C1D1AE02e20CEB03A2A6a08b0b8dC3) | Date: 10/3/2023
### 3.2.2 LSD Token Total On-chain Liquidity
The total OETH on-chain liquidity is $30,111,084 on October 3 and 97% share of total liquidity is on Curve DEX in the ETH/OETH pool with $59.85m TVL according to [DexGuru](https://dex.guru/liquidity/token/eth/0x856c4efb76c1d1ae02e20ceb03a2a6a08b0b8dc3?amm=curve&pool_address=0x94b17476a93b3262d87b9a326965d1e91f9c13e7).
![](https://hackmd.io/_uploads/rJcQcGvf6.png)
Source: [DexGuru](https://dex.guru/liquidity/token/eth/0x856c4efb76c1d1ae02e20ceb03a2a6a08b0b8dc3?amm=curve&pool_address=0x94b17476a93b3262d87b9a326965d1e91f9c13e7) | Date: 10/3/2023
### 3.2.3 Liquidity Utilization Rate
The OETH liquidity utilization rate (daily trade volume / liquidity) is usually quite low, with a large spike on July 30 when Origin removed all POL from the Curve pool temporarily.
![](https://hackmd.io/_uploads/Hk_E5MDf6.png)
Source: [DexGuru](https://dex.guru/token/eth/0x856c4efb76c1d1ae02e20ceb03a2a6a08b0b8dc3)
### 3.2.4 Leverage Ratio
OETH is not currently listed on any lending platforms.
### 3.2.5 Slippage
The DefiLlama slippage estimator (Token Liquidity) tool shows that a trade of $26,875,000 (16,306 OETH) over Paraswap will produce 1.33% trade slippage.
![](https://hackmd.io/_uploads/SktScMwMp.png)
Source: [DeFiLlama](https://defillama.com/liquidity) | Date: 10/3/2023
# Section 4: Technological Risk
This section addresses the persistence of collateral properties from a technological perspective. It aims to convey, (1) where technological risk arises that can change the fundamental properties of the collateral (e.g. unresolved audit issues), and (2) do any composability/dependency requirements present potential issues (e.g. is a reliable pricefeed oracle available?).
This section is divided into 3 sub-sections:
- 4.1: Smart Contract Risk
- 4.2: Product and Layer Composability
- 4.3: Oracle Pricefeed Availability
## 4.1 Smart Contract Risk
### 4.1.1 Protocol Audits
A complete list of Orgin audits (including for OUSD) can be found here: [https://github.com/OriginProtocol/security/tree/master/audits](https://github.com/OriginProtocol/security/tree/master/audits)
Two notable audits were explicitly made on OETH:
* [OpenZeppelin - Origin Dollar OETH Integration - May 2023](https://github.com/OriginProtocol/security/blob/master/audits/OpenZeppelin%20-%20Origin%20Dollar%20OETH%20Integration%20-%20May%202023.pdf)
* [Narya - Origin OETH Report - May 2023](https://github.com/OriginProtocol/security/blob/master/audits/Narya%20-%20Origin%20OETH%20Report%20-%20May%202023%20-%20Initial%20Report.pdf)
Only low-security findings, besides an Oracle issue (date feeds may be outdated), were brought up, which was corrected.
Recently, [OpenZeppelin audited](https://github.com/OriginProtocol/security/blob/master/audits/OpenZeppelin%20-%20Origin%20Balancer%20MetaPool%20Strategy%20-%20Sept%202023.pdf) the Balancer MetaPool Strategy. Several high and medium issues were brought up, which have all been acknowledged and addressed. Other audits on protocols systems and related strategies can be found here: [https://docs.oeth.com/security-and-risks/audits](https://docs.oeth.com/security-and-risks/audits)
### 4.1.2 Concerning Audit Signs
Despite having undergone rigorous audits and being based on the OUSD code base, the OETH protocol encompasses many complex elements, increasing the potential smart contract risk. Additionally, the DeFi strategies employed within the system constantly evolve, with Origin capable of implementing or removing strategies as needed. This dynamic nature of the strategies add another layer of complexity and potential risk. There are several trust assumptions highlighted in the aforementioned audit reports:
- The system relies on collateral maintaining an expected value, which can be undermined by potential slashing events.
- A number of oracle price feeds are used which are relied upon to operate properly.
- The Curve OETH/ETH pool and Convex booster contract are granted infinite approval to spend strategy assets and therefore trusted to operate properly.
### 4.1.3 Bug Bounty
Origin operates an active [bug bounty program](https://immunefi.com/bounty/origindefi/) via Immunefi. The rewards, determined entirely by Origin Protocol, span from $100 to $1,000,000 in OUSD, with the maximum bounty set at $1M for critical smart contract vulnerabilities.
The program explicitly covers OETH and OUSD contracts. It emphasizes preventing issues like fund loss, yield loss, fund freezing, unauthorized admin actions, governance malfunctions, stolen transaction details, subdomain takeovers, harmful wallet interactions, and malevolent transactions. As of June 2023, Origin has disbursed a total of $155,850.
### 4.1.4 Immutability
The OETH contract architecture uses a proxy pattern that allows upgrading contract logic while preserving the state in the proxy contracts. The proxy contracts act as persistent storage, while the logic contracts can be replaced.
This enables the DAO to add features and fix issues through on-chain voting rather than needing to deploy entirely new contracts each time. The core proxy contracts, like the Vault, remain persistent, while the logic implementation contracts can be upgraded subject to a timelock.
More details can be found on the [OETH contracts registry](https://docs.oeth.com/smart-contracts/registry/oeth-registry).
### 4.1.5 Developer Activity
Origin Protocol has over 20 repositories on GitHub. The [main repo](https://github.com/OriginProtocol/origin-dollar) shows regular code activity and has over 3,000 commits. The core protocol engineers are actively maintaining and improving the system.
The chart below shows monthly unique developers and dev commits over time across all Origin products:
<iframe width="640px" height="360px" src="https://defillama.com/chart/protocol/origin-defi?tvl=false&devMetrics=true&devCommits=true&denomination=ETH&groupBy=monthly&theme=light" title="DefiLlama" frameborder="0"></iframe>
Source: [DefiLlama](https://defillama.com/protocol/origin-defi?tvl=false&devMetrics=true&devCommits=true&denomination=ETH&groupBy=monthly)
### 4.1.6 SC Maturity
The initial OETH contracts were deployed in May 2023. The system shares much of its code with OUSD, Origin's yield-bearing stablecoin launched in 2020. OUSD reached over $300m in TVL, providing battle testing for core components like the vault strategy interactions.
### 4.1.7 Previous Incidents
OETH, since its inception in May 2023, has managed to avoid any direct exploits or losses. However, specific incidents have shed light on its dependency on timely actions by the strategist multisig, as well as the potential hazards of incorporating unaudited strategies.
In November 2020, a reentrancy bug that went unnoticed led to a $7 million exploit of Origin's OUSD stablecoin. The codebase had yet to be audited at the time. The subsequent month saw the relaunch of OUSD, fortified by multiple audits and security enhancements. The Origin community fund compensated all affected users. While this incident is unrelated to OETH, it underscores the persisting risks associated with smart contracts, even post-audit, and testifies to the team's dedication to shielding users from losses.
In June 2023, the strategist multisig momentarily pulled out funds from a newly unveiled Morpho strategy, routing them back to the OETH Vault using the withdrawAllFromStrategy function. This swift move was in response to a detected potential flaw in Morpho's interest rate model. Once the matter was resolved, the funds were redeposited on June 14th. This incident illustrates the multisig's agility in reacting to potential threats by extracting funds from questionable strategies. It also stresses the perils of prematurely integrating unaudited strategies without adequate real-world testing.
![](https://hackmd.io/_uploads/HkXP9fvMa.png)
Source: Origin Discord Server: [#DeFi-Governance-Forum](https://discord.com/channels/404673842007506945/1080502855720513557/1115408300616458381)
On July 30th, 2022, several pools of the Curve protocol were compromised. Within an hour, the Origin team expeditiously coordinated the withdrawal of OETH funds from Curve strategies as a precaution while the investigation was still underway. Such incidents emphasize the pivotal role of the strategist multisig team's timely coordination in ensuring OETH's security.
While OETH users have not faced direct exploits leading to losses since the May 2023 launch, the platform's heavy reliance on the strategist multisig team introduces a possible central point of failure. Their coordination and responsiveness are essential to security. Incorporating new, unaudited strategies also opens the door to latent threats. As of early October 2023, Origin confirmed having renewed their retainer with OpenZeppelin and that all new strategies will be audited before deployment.
## 4.2 Product and Layer Composability
### 4.2.1 Dependencies
The [OETHOracleRouter](https://etherscan.io/address/0xbE19cC5654e30dAF04AD3B5E06213D70F4e882eE#code) contract is set as [`priceProvider`](https://etherscan.io/address/0x39254033945AA2E4809Cc2977E7087BEE48bd7Ab#readProxyContract#F18) in the OETH Vault. This contract sources Chainlink pricefeeds for all underlying assets and reward assets.
![](https://hackmd.io/_uploads/SJv_5zPMa.png)
Source: [DethCode: OETHOracleRouter](https://etherscan.deth.net/address/0xbE19cC5654e30dAF04AD3B5E06213D70F4e882eE)
OETH relies on Chainlink price oracles to accurately evaluate the underlying LSD tokens and reward assets like CRV and CVX. This prevents overpaying for assets trading below the peg during minting/redeeming/harvesting.
The price feeds aim to ensure the protocol does not overpay for LSDs that may be trading below the peg. Since 1 OETH is intended always to be backed by 1 ETH, it may need to adjust the quantity minted or redeemed based on current market data. Additionally, when tokens are sold for additional yield, the protocol uses price feeds to check that price slippage does not exceed a reasonable bound.
Without sanity checks, inaccurate oracle prices could allow attackers to mint OETH at below-fair value if the LSD prices are manipulated downward or redeem OETH for excess collateral if LSD prices are pushed upward on the oracle, draining funds from the system. To prevent this, the OETH vault only uses oracles to penalize mints and redeems. This ensures the protocol gains or stays equal in stablecoin quantities, as a mint of 1 ETH of an LSD can never return more than 1 OETH and a redemption of 1 OETH will never return more than 1 ETH quantity of an LSD. While an attacker could exploit a depegged LSD and inaccurate oracle to alter the Vault's holdings, the protocol would profit if the LSD returned to peg. Overall, this approach protects against oracle manipulation risks in mints and redeems.
### 4.2.2 Withdrawals Processing
Users can permissionlessly redeem OETH for underlying assets through the Origin dapp or by calling `redeem` directly from the Vault contract. Redemptions attempt to withdraw first from the OETH Vault. If insufficient liquidity exists in the Vault, it will attempt to drain funds from the active strategies. This ensures users can always exit with their share of collateral, even if strategies are loss-making. Withdrawals return a pro-rata share of the collateral basket, exposing users to a composite of the underlying LSD tokens like rETH, stETH, and frxETH. OETH cannot be redeemed for ETH directly.
## 4.3 Oracles Pricefeed Availability
### 4.3.1 Understanding the Oracle
The code and contracts for a custom [OETH price oracle](https://github.com/OriginProtocol/origin-dollar/pull/1815) are in development in Origin Protocol's GitHub repository. The `OETHOracle` and `OETHOracleUpdater` contracts have not yet been audited or deployed on Ethereum mainnet.
<!--
The primary reason is insufficient demand from external applications or platforms, which does not justify deploying the oracle. Given the requisite maintenance, particularly in keeping prices updated, Origin has decided to wait to deploy until concrete intentions from third parties to incorporate the OETH Oracle into their systems emerge. As soon as there is evident interest and a clear need for the on-chain OETH price feed among other DeFi platforms, Origin plans to initiate an audit and deploy the OETH Oracle on the mainnet. It remains an undeployed code, poised for activation once the appropriate integration conditions are in place, paving the way for a comprehensive production launch.
-->
OETH pricing data for the custom oracle comes primarily from the Curve OETH/ETH pool using the manipulation-resistant Curve Exponential Moving Average (EMA) oracle. The oracle is designed to be resilient against manipulation. The Curve EMA oracle prevents dramatic price changes compared to using the spot price.
In case the Curve EMA price is below what a user could receive from direct redemption, the oracle will return the aggregate redemption value. The OETH Vault floorPrice() gives a minimum redemption value for OETH, which acts as a price floor if market prices drop due to an attack. The OETHOracleUpdater accounts for the Curve EMA market price and OETH Vault floor price when calculating the final published OETH/ETH rate.
Origin will use Chainlink Automation to update the oracle daily and if prices deviate by 0.5%. The oracle will be deployed once external applications demonstrate a need for the on-chain OETH price feed. The decentralized dual data sourcing provides reliable, manipulation-resistant OETH pricing.
**OETH Oracle Architecture**
The OETH Oracle provides on-chain pricing for OETH relative to ETH using data sourced from decentralized exchanges and the OETH Vault. It consists of two smart contracts - the OETHOracle stores historical price snapshots, while the OETHOracleUpdater aggregates data into new prices. The OETHOracle implements the Chainlink AggregatorV3Interface standard to serve price feeds to applications.
![](https://hackmd.io/_uploads/rknK5fPMT.png)
Source: [OETH Oracle Solution Design](https://originprotocol.notion.site/OETH-Oracle-Solution-Design-f23b96ad4eab4e82a568ba0c74afc396)
The OETHOracleRouter fetches price data for OETH's underlying assets from Chainlink oracles in 5 steps:
**Step 1 - Define Chainlink price feeds**: With function *feedMetadata* is specified which Chainlink feeds will be used for each asset (in OETH case - OETH underlying assets) and the maximum staleness allowed for the data of that price feeds.
![](https://hackmd.io/_uploads/rk1sczDf6.png)
Source: [ContractReader](https://www.contractreader.io/contract/mainnet/0xbE19cC5654e30dAF04AD3B5E06213D70F4e882eE)
**Step 2 - Fetch latest price feeds data**: By calling the *price (address asset)* function with any of OETH's underlying assets address as argument, Contract first fetches the metadata for the Chainlink feed using *feedMetadata*. Then, it uses the Chainlink *AggregatorV3Interface* to fetch the latest price data.
![](https://hackmd.io/_uploads/H1FsczPG6.png)
**Step 3 - Validate staleness**: Then contract compare timestamp when is price feed updated (*updatedAt*) with maximal staleness value (*maxStaleness*).
![](https://hackmd.io/_uploads/Hkah5GPfp.png)
**Step 4 - Validate price range (*MIN_DRIFT* and *MAX_DRIFT*)**: Then the contract checks if OETH underlying price assets are within the defined price range.
![](https://hackmd.io/_uploads/HJfR5fDM6.png)
**Step 5 - OETHOracleRouter**: The OETHOracleRouter smart contract is built on the OUSDOracleRouter contract codebase but has implementation differences. OETHOracleRouter denominates all underlying asset prices in ETH and does not do range checks as a "parent" contract
![](https://hackmd.io/_uploads/SJNysMvfT.png)
### 4.3.2 Token Liquidity and Distribution
Liquidity for the underlying LSDs like rETH, stETH, and frxETH is more widely distributed across DEXs. However, OETH itself remains highly concentrated on Curve. OETH is primarily liquid in Curve's [OETH/ETH pool](https://curve.fi/#/ethereum/pools/factory-v2-298), which contains about 25% of the circulating OETH supply as of October 17. On the contrary, the amount of OETH on Uniswap is comparatively small, with approximately 100 ETH in the [UniV3 pool 0.05%](https://info.uniswap.org/#/pools/0x52299416c469843f4e0d54688099966a6c7d720f).
Recently, a [proposal](https://gov.curve.fi/t/proposal-to-add-frxeth-oeth-to-the-gauge-controller/9636) was submitted to Curve governance to add a gauge for a new frxETH/OETH pool. This proposal aims to increase liquidity and trading volumes for OETH and Frax's frxETH by incentivizing the pool through CRV emissions rewards.
The gauge would help attract more liquidity into Curve's frxETH/OETH pool if approved. This can improve overall OETH liquidity across venues, although the pairing with frxETH presents less utility. The proposal notes that a meaningful portion of the current ETH/OETH pool liquidity may migrate to the new frxETH pool if the incentives are approved.
### 4.3.3 Attack Vectors
The OETH/ETH pools have relatively low liquidity currently, making manipulation attacks more feasible. A temporary distortion on Curve could provide erroneous data to the oracle. Furthermore, high reliance on a single pool/DEX (Curve OETH/ETH pool) depends on reliable operation of the pool and the AMO strategy employed by the protocol.
The Chainlink oracles could theoretically be manipulated to provide inaccurate pricing data. However, each aggregated Chainlink price feed sources data from multiple independent nodes across multiple exchanges.
### 4.3.4 Associated Vulnerabilities
**Bad Debt Creation**: In a successful price feed manipulation attack, one direct impact could be the creation of bad debt for the Protocol. Lending protocols rely on accurate price feeds to maintain appropriate collateralization ratios. If the price feed is manipulated to reflect an inaccurate price, attackers may perform malicious actions to create bad debt.
**Faulty Liquidation**: If an oracle is manipulated to drastically lower the price of a collateral asset in a lending protocol, it could trigger unjust liquidations of user positions, causing financial losses and disrupting the normal operations of the protocol.
# Section 5: Counterparty Risk
This section addresses the persistence of wOETH’s properties from an ownership rights perspective (i.e. possession, use, transfer, exclusion, profiteering, control, legal claim). The reader should get a clear idea of (1) who can legitimately change properties of the collateral (e.g. minting additional units) and what their reputation is, (2) the extent that changes can be implemented and the effect on the collateral.
This section is divided into 3 subsections:
- 5.1: Governance
- 5.2: Economic Performance
- 5.3: Legal
## 5.1 Governance
### 5.1.1 Governance Scope
OGV token holders govern the OETH smart contracts through on-chain voting. This governance mechanism allows OGV stakers to submit and vote on proposals to upgrade contracts, adjust parameters, or make other changes to the protocol.
Any address holding at least 10,000,000 vested OGV (veOGV) can submit a proposal. A minimum of 20% of the total veOGV supply is required to reach a quorum for a vote to succeed. There is no minimum token requirement to vote on existing proposals.
Once a vote succeeds, there is a 48-hour timelock period before the proposed changes can be executed. This delay gives users time to react to any proposal outcomes they disagree with.
![](https://hackmd.io/_uploads/SkLljfPMp.png)
Source: [Origin's governance hub](https://governance.ousd.com/)
### 5.1.2 Access Control
The contracts' access controls are managed by the `governor` and `strategistAddr` roles specified in the system contracts. The `governor` is responsible for critical functionality which includes upgrades to system contracts and governance management of the timelock contract. The `strategistAddr` manages operations pertaining to vault strategies.
The `governor` was previously set to a team-controlled 5-of-8 admin multisig, but has been transferred to the DAO-controlled [OUSD governance](https://etherscan.io/address/0x3cdD07c16614059e66344a7b579DAB4f9516C0b6) contract as of this [vote](https://governance.ousd.com/proposals/60127460066716072805305730230562711986374817810401097387874154291162876031906) execution on July 3, 2023. The `strategistAddr` is set to a team-controlled 2-of-9 strategist multisig. The identity of these signers is not disclosed. Origin claims they are all unique, trusted individuals with close ties to Origin.
**Admin 5-of-8 multisig**: [0xbe2AB3d3d8F6a32b96414ebbd865dBD276d3d899](https://etherscan.io/address/0xbe2AB3d3d8F6a32b96414ebbd865dBD276d3d899)
**Strategist 2-of-9 multisig**: [0xF14BBdf064E3F67f51cd9BD646aE3716aD938FDC](https://etherscan.io/address/0xF14BBdf064E3F67f51cd9BD646aE3716aD938FDC)
**Signers (same for both)**:
* [0xAbBca8bA6d2142B6457185Bec33bBD1b22746231](https://etherscan.io/address/0xAbBca8bA6d2142B6457185Bec33bBD1b22746231)
* [0xce96ae6De784181d8Eb2639F1E347fD40b4fD403](https://etherscan.io/address/0xce96ae6De784181d8Eb2639F1E347fD40b4fD403)
* [0x336C02D3e3c759160E1E44fF0247f87F63086495](https://etherscan.io/address/0x336C02D3e3c759160E1E44fF0247f87F63086495)
* [0x6AC8d65Dc698aE07263E3A98Aa698C33060b4A13](https://etherscan.io/address/0x6AC8d65Dc698aE07263E3A98Aa698C33060b4A13)
* [0x617a3582bf134fe8eC600fF04A194604DcFB5Aab](https://etherscan.io/address/0x617a3582bf134fe8eC600fF04A194604DcFB5Aab)
* [0x244df059d103347a054487Da7f8D42d52Cb29A55](https://etherscan.io/address/0x244df059d103347a054487Da7f8D42d52Cb29A55)
* [0xab7C7E7ac51f70dd959f3541316dBd715773158B](https://etherscan.io/address/0xab7C7E7ac51f70dd959f3541316dBd715773158B)
* [0xe5888Ed7EB24C7884e821b4283472b49832E02f2](https://etherscan.io/address/0xe5888Ed7EB24C7884e821b4283472b49832E02f2)
Strategy operations (e.g., adjusting funds among strategies or temporarily stopping deposits) require less time and fewer authorizations, enabling the Origin team to respond swiftly to changes in market circumstances or potential security issues. Strategists can carry out a restricted set of functions with the approval of only 2-of-9 authorized signers. The strategist can only allocate funds between previously approved strategies. DAO-governance can set the `strategistAddr` role, if needed.
The strategist multisig can do the following actions on the Vault:
* `depositToStrategy` - deposit multiple assets from the Vault into the strategy.
* `withdrawFromStrategy` - withdraw multiple assets from the strategy to the Vault.
* `setVaultBuffer` - adjust the funds held outside strategies for cheaper redeems.
* `setAssetDefaultStrategy` - which strategy mints and redeems pull from for a particular strategy
* `withdrawAllFromStrategy` - remove funds from a single strategy and send them to the Vault
* `withdrawAllFromStrategies` - remove funds from all active strategies and send them to the Vault
* `pauseRebase` - pause all rebases
* `pauseCapital` - pause all mints and redeems
* `unpauseCapital` - allow all mints and redeems
* `swapCollateral` - swaps collateral assets sitting in the Vault
### 5.1.3 Distribution of Governance Tokens
According to the [Governors Leaderboard](https://governance.ousd.com/leaderboard) from the OUSD Governance portal, one address has over 50% of veOGV voting power and is the Origin team-controlled admin 5-of-8 multisig. Only 27 unique addresses have voted on any proposals. Although technically governed by a DAO, the team clearly retains unilateral power to govern the protocol.
![](https://hackmd.io/_uploads/B1LZsMvz6.png)
Source: [OUSD Governance portal](https://governance.ousd.com/leaderboard)
### 5.1.4 Proposals Frequency
Since June 20th, 2022, Origin DAO (initially only responsible for OUSD governance) has put forth 104 proposals. From that date to the present (October 6th, 2023), Origin DAO has introduced a new proposal approximately every 4.54 days. Although this seems frequent, the majority of these DAO proposals pertain to yield strategy optimization. Additionally, the Origin team multisig controls the majority of the voting power, making these proposals appear more like formal announcements for specific changes.
Out of the 104 proposals, 96 were decided off-chain on the Snapshot platform, one served as a "temperature check," and seven proposals were deliberated on-chain (sources: [Messari](https://messari.io/project/origin-dollar/governance/votes) and DeepDAO).
### 5.1.5 Participation
According to data from Messari, a total of 96 proposals first went through off-chain Snapshot voting. There have been a total of 18 proposal authors, and in the off-chain voting process there have been 70 unique voter addresses (metrics do not include addresses which delegated to them). The off-chain proposal pass rate is 62% (not counting missed quorum).
![](https://hackmd.io/_uploads/ByVzsfPGp.png)
Source: [Messari Governor](https://messari.io/project/origin-dollar/governance/off-chain)
## 5.2 Economic Performance
### 5.2.1 Revenue Source
The protocol charges a 20% performance fee on all yield earned. It has historically reinvested all protocol revenue into acquiring governance stake in "flywheel assets" such as CVX to boost emissions to the OETH pools. As of a recent [Snapshot vote](https://vote.ousd.com/#/proposal/0x66a9e0040db9a6f993a43edfb6058d7a8eee355fdf866878ab9e990be38672f6), a portion of the revenue may be allocated to buying back Origin's OGV governance token.
### 5.2.2 Revenue
Origin's revenue from OETH can be tracked in real time on the Dune dashboard.
As of October 6th, 2023, Origin has generated over 130 OETH (≈$211,460) in revenue.
<iframe src="https://dune.com/embeds/2519744/4147730" style="border:1px #ffffff none;" name="OETH Volume" scrolling="no" frameborder="1" marginheight="0px" marginwidth="0px" height="360px" width="800px" allowfullscreen></iframe>
<iframe src="https://dune.com/embeds/2519744/4147727" style="border:1px #ffffff none;" name="OETH Volume" scrolling="no" frameborder="1" marginheight="0px" marginwidth="0px" height="360px" width="800px" allowfullscreen></iframe>
### 5.2.3 Net Profit
Information is not available on operating costs.
## 5.3 Legal
### 5.3.1 Legal Structure
The website https://www.oeth.com/ states its original affiliation with Origin Protocol. The Terms of Service, which can be directly accessed from the website's landing page, are connected to https://www.originprotocol.com/tos. The referenced document asserts that the website is the property of Origin Protocol Labs, a legal entity domiciled in the Cayman Islands.
Concerning the ownership structure of Origin Protocol Labs, our efforts to uncover detailed information have needed to be improved by the fee-gated access imposed by the Cayman Islands General Registry. Without this data, a complete understanding of the entity's operational and ownership dynamics remains elusive.
### 5.3.2 Licenses
In our risk assessment of [wstETH](https://hackmd.io/@PrismaRisk/wsteth#54-Legal), we outlined the regulatory framework governing staking service providers domiciled in the Cayman Islands.
>The Cayman Virtual Asset Service Providers Act (VASP Act), revised in 2020, established a comprehensive regulatory registration and licensing system for VASPs. This Act enforces FATF Recommendation 15 (New technologies), focusing on international standards to counter money laundering, financing of terrorism, and proliferation. Every blockchain-based token that can be technically transferred or exchanged falls under the definition of a virtual asset according to the VASP Act, regardless of its programmed properties or intended use. The Act does not differentiate between what are typically referred to as utility tokens, security tokens, and stablecoins. However, "virtual service tokens" are not considered virtual assets. The VASP Act excludes "virtual service tokens," which are "a digital representation of value which is not transferable or exchangeable with a third party at any time and includes digital tokens whose sole function is to provide access to an application or service or to provide a service or function directly to its owner."
Currently, there are no extant restrictions or prohibitions on the staking of tokens, as imposed by the regulatory authorities in the jurisdiction or as stipulated in the applicable legal statutes.
### 5.3.3 Enforcement Actions
The SEC maintains that the Origin Protocol does not appear on the public [Crypto Assets and Cyber Enforcement Actions List](https://www.sec.gov/spotlight/cybersecurity-enforcement-actions). Furthermore, we have yet to find specific information on lawsuits against Origin Protocol brought by other regulators.
### 5.3.4 Sanctions
In light of our inquiry regarding the safeguards implemented to ensure compliance with the most recent sanctions designations, the team explained that OETH's front end is unavailable in the US. Furthermore, they have instituted robust operational protocols to prevent access to front-ends from all countries subject to sanctions administered by the Office of Foreign Assets Control (OFAC). A list of different sanctions programs is available [here](https://ofac.treasury.gov/sanctions-programs-and-country-information).
### 5.3.5 Liability Risk
The front end is distinctly offered on an "as-is" and "as-available" basis. Origin Protocol Labs and its suppliers disclaim all warranties and conditions, whether express, implied, or statutory. This includes disclaiming warranties of merchantability, fitness for a particular purpose, title, quiet enjoyment, accuracy, and non-infringement. The explicit absence of warranties extends to the uninterrupted, timely, secure, error-free availability of the website, as well as its accuracy, reliability, completeness, legality, and safety.
A stringent limitation on liability is instituted. Origin Protocol Labs is not liable for lost profits, data, and costs associated with substitute products or any indirect, consequential, exemplary, incidental, special, or punitive damages. This limitation prevails even if Origin Protocol Labs has been apprised of potential damages and the use of the front-end is expressly at the user's risk. Users are solely responsible for any damages to their device or computer systems or data loss resulting from the front-end usage. Origin Protocol Labs's liability is capped at $50, a constraint that remains unaltered by multiple claims.
ToS provisions detail an agreement regarding resolving disputes through arbitration rather than jury trials or class actions. The American Arbitration Association (AAA) or an alternative dispute resolution provider oversees the arbitration if AAA is unavailable. The arbitrator has the authority to decide the rights and liabilities of the involved parties and is empowered to grant motions and award monetary and non-monetary reliefs. Awards and decisions are provided in writing, with the arbitrator possessing similar authority as a judge in a court of law.
The parties waive their rights to a jury trial, electing for all disputes to be resolved by arbitration, which is typically a more limited, efficient, and less costly process. All claims must be litigated or arbitrated individually, not on a class basis. Defamation claims, Computer Fraud and Abuse Act violations, and infringement or misappropriation of intellectual properties are exempt from arbitration. If litigation occurs in court, the parties consent to the jurisdiction of courts located within Grand Caymans.
While Origin has implemented stringent measures to mitigate liability, it is not entirely immune from risks. Jurisdictional variations, the potential unenforceability of clauses, and the inherent challenges associated with arbitration, including costs and the finality of decisions, underscore the complexities.
### 5.3.6 Adverse Media Check
We conducted an open-source search encompassing money laundering, corruption, sanctions exposure, threat financing, or involvement in illegal activities to identify allegations or reports associated with Origin Protocol that reputable news outlets and other publications have published.
This inquiry yielded no evidence or indications that Origin Protocol has been implicated or convicted in such nefarious activities. Our search did not unveil any sources directly addressing or reporting legal complications, regulatory confrontations, or adverse information relating to the Origin Protocol. Consequently, based on the currently available public information, Origin Protocol does not appear to have any documented involvement in activities that would breach legal or ethical standards.
# Section 6: Risk Management
This section will summarize the findings of the report by highlighting the most significant risk factors in each of the three risk categories: Market Risk, Technology Risk, and Counterparty Risk.
### 6.1.1 Market Risk
**LIQUIDITY: Does the token have a liquid market that can facilitate liquidations in all foreseeable market events?**
OETH faces liquidity risk as its market depth resides almost exclusively in the Curve OETH/ETH pool. Expanding across DEX venues can improve resilience. Thanks to active liquidity management from the Curve AMO, there has historically been a significant amount of the token supply available on exchange. This assumption should be monitored, as a recent vote passed to reduce reliance on the AMO to a maximum 25% of system collateral.
According to Dex Guru, OETH on-chain liquidity has declined by over 50% in a two week time period since October 13. As of October 17, a ~$13m swap from OETH to ETH produces a 1% slippage, according to the DeFiLlama Token Liquidity tool.
**VOLATILITY: Has the asset had any significant depeg events?**
The AMO aims to maintain the 1:1 OETH/ETH peg during normal conditions. However, issues with underlying strategies or dependent platforms could cause instability in the peg. This was realized briefly on July 30 when all OETH POL was temporarily removed from the Curve pool during the Curve pool hack, causing OETH to trade at a 2% discount to ETH.
As new yield strategies are added via governance votes, OETH's risk profile evolves dynamically. Problems with strategies could induce volatility and peg deviations. OETH's intricate strategies and dependence on external protocols may increase its volatility risk compared to simpler LSD models. Changes to strategies, governance actions, and issues with dependent platforms warrant close monitoring to assess impacts on market risk.
<!--
#### Depeg Risk
The AMO is designed to restore the peg in ordinary circumstances, and all funds remain secure during this process. Additionally, if the amount of ETH in the pool decreases, it becomes more profitable for the AMO strategy to increase its allocation to restore balance. This serves as a dynamic response mechanism to maintain the stability of the OETH value. As a significant of the Curve pool consists of protocol-owned liquidity from the AMO, it is unlikely that a depeg could persist except from an underlying protocol failure (e.g., Contract exploit resulting in loss of user funds).
There are several scenarios in which OETH could risk de-pegging from its intended value. These include significant additions or removals from the Curve pool, a strategy becoming loss-inducing, or an exploit related to the Automated Market Maker Operations (AMO). For instance, if a large holder were to sell into the Curve pool, it could temporarily destabilize the peg.
-->
### 6.1.2 Technology Risk
**SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?**
Smart contract risk is elevated due to the intricate strategy interactions. Although the code has been audited by multiple external firms, the dynamic nature of strategies being added/removed increases potential vectors.
The Origin team has expressed a commitment to have audits for all added strategies and has been fairly conservative with implementing additional strategies. Furthermore, the OETH contracts are based on OUSD which has been in production since 2020, improving the maturity of the system. There is also an active bug bounty program with ImmuneFi.
**DEPENDENCIES: Does the analysis of dependencies (e.g. oracles) suggest any cause for concern?**
The OETH system depends on the integrity of both Chainlink price feeds and Frax's custom on-chain oracle (in the case of frxETH) during minting, redemption, and harvesting. There are sanity checks to ensure the system never prices a normalized unit price for more than one unit of OETH/OUSD when minting and never gives out more than one normalized unit amount per OETH during redemption.
OETH also leverages DeFi platforms such as Aave, Compound, and Curve, introducing notable smart contract risks. While the team collaborates with platforms managing billions in assets and conduct due diligence regarding their security, there is no absolute certainty of their continued flawless operation. Any malfunction in these underlying strategies could potentially result in a loss for OETH holders.
The only OETH pricefeed available is from the Curve pool EMA, which creates a dependence on this liquidity venue for any lending protocol integrations. Origin is developing a custom OETH oracle that will use the curve EMA unless that price is below what you could redeem directly from the OETH vault, in which case it totals up the prices of what could be withdrawn from the vault for OETH. This custom oracle has not yet been audited or deployed.
Withdrawal processing risk is low since users can exit strategies directly at any time for a pro rata share of all constituent collateral assets. The risk lies primarily in the performance of the underlying strategies, since failure associated with a strategy or the associated LSD token may impact the redemption value.
<!--
**AMO Dependency**
Origin uses the AMO system to provide large amounts of liquidity at a lower cost to the protocol. However, it is crucial to remember the risk of bad debt. The system's ability to prevent bad debt largely hinges on the effectiveness of the AMO's interactions with the OETH/ETH Curve pool. If the overall impact of the AMO's transactions with the pool (i.e., deposits and withdrawals) results in positive slippage, they generate a profit and maintain full financial backing. Notably, while the AMO funnels all yield farming revenue towards OETH, it also has the potential to generate additional profits or suffer losses through arbitrage within the pool.
Liquidity Providers (LPs) also face specific risks within this system. For instance, if a substantial amount of ETH is removed from the pool, as seen in early June, the ensuing imbalance can amplify the profit opportunity for the AMO through arbitrage. Conversely, bad debt can creep into the system if the AMO's transactions lead to an imbalance in the pool, thereby causing negative slippage. In such circumstances, the AMO's best strategy is to let the pool imbalance escalate. Eventually, they can capitalize on this situation by restoring balance to the pool while profiting from the losses sustained by those who withdrew their ETH.
As of October 3rd, Origin's POL in the Curve ETH/OETH pool amounts to 76% of the pool composition. This can be determined by comparing the value in the [ConvexEthMetaStrategy](https://debank.com/profile/0x1827f9ea98e0bf96550b2fc20f7233277fcd7e63) with the [OETH pool liquidity](https://etherscan.io/address/0x94b17476a93b3262d87b9a326965d1e91f9c13e7).
![](https://hackmd.io/_uploads/Syo0JCYep.png)
![](https://hackmd.io/_uploads/SydKdCFgT.png)
Source: Curve pool total liquidity vs. OETH AMO liquidity - October 3rd, 2023
-->
### 6.1.3 Counterparty Risk
**CENTRALIZATION: Are there any significant centralization vectors that could rug users?**
Centralization risk is currently significant. The team-controlled strategist multisig wields considerable control over assets and operations. Although the governor role was transferred to DAO governance in July, the team-controlled admin multisig continues to make up over 50% of the overall vote power. While the transition to on-chain governance is commendable, the diffusion of vote power should be monitored to ensure a transition over time to genuine decentralized governance.
Multisigs, when employed properly, can enhance security. Distributing and diversifying the critical signing process among numerous participants, primarily external entities, can heighten this security. However, OETH's low signing threshold (2-of-9) may expose it to increased risk, as there are more opportunities for keys to become compromised. On the other hand, the addition of new strategies is now managed by the DAO and undergoes a 48h timelock.
**LEGAL: Does the legal analysis of the protocol suggest any cause for concern?**
A legal risk is associated with the protocol control held by multisig signatories. The identities and jurisdictions of these signers are not disclosed, making regulatory exposure unclear. Although the team has clarified that Origin Protocol Labs neither issues nor operates OETH and has no involvement in token sales or its operations, the jurisdictional implications remain ambiguous. They assert that OETH operates under a fully decentralized system without any single entity or group's oversight. Based on this, they believe they do not fall under the Cayman's VASP Act's purview, as they neither act as a Virtual Asset Service Provider nor engage in any services defined in the Act.
<!--
### Custody Risk
The trust in the OETH system lies with OGV holders and the signers who hold the multi-sig keys. These signers are responsible for properly handling the assets within the system and must be trusted not to engage in actions such as infinite minting, which could destabilize the system. However, to provide a layer of security and trust, a 48-hour timelock mechanism is in place. This ensures that significant actions cannot be executed immediately, offering a window of time for potential issues to be identified and addressed.
OETH also leverages DeFi platforms such as Aave, Compound, and Curve, introducing notable smart contract risks. While the team collaborates with platforms managing billions in assets and conduct due diligence regarding their security, there is no absolute certainty of their continued flawless operation. Any malfunction in these underlying strategies could potentially result in a loss for OETH holders.
-->
### 6.1.4 Risk Rating
The following chart summarizes a risk rating for wOETH as collateral based on the risks identified for each category. The rating for each category is ranked from excellent, good, ok, and poor.
* We rank wOETH as **ok on liquidity** because most of its liquidity resides in the Curve OETH/ETH pool, making access to liquidity highly reliant on a single liquidity venue.
* We rank wOETH as **good on volatility** because while the complex interactions between strategies and reliance on external protocols increase potential depeg risk, the protocol makes significant use of an AMO that should manage the peg during normal operation.
* We rank wOETH as **ok on smart contracts** because although the code has undergone rigorous audits of the proven OUSD codebase, the system fundamentally relies on dynamic strategies. Bugs may be introduced in strategy updates, increasing uncertainty of smart contract security, despite the stated effort of the team to thoroughly audit new strategies.
* We rank wOETH as **ok on dependencies** because the only OETH price feed available is the Curve pool EMA, which although has been audited it is a new design and creates a reliance on the Curve liquidity venue. Origin has a custom oracle based on the EMA in development but it is not yet ready for deployment.
* We rank wOETH as **ok on decentralization** as most access controls, including timelock, now rests with token holders (although the team has majority governance power), and the strategist multisig maintains a notable influence over its operations.
* We rank wOETH as **ok on legal** due to the regulatory framework in the Cayman Islands, but concerns arise from unclear licensing and ownership. More reliance on ToS clauses can create enforceability doubts. For clearer legal standing, it is crucial to have explicit user acknowledgments of risks tied to DeFi activities. This specificity strengthens the clarity of general terms and the validity of disclaimers, reducing ambiguities and potential legal issues.
<iframe src='https://flo.uri.sh/visualisation/14951150/embed' title='Interactive or visual content' class='flourish-embed-iframe' frameborder='0' scrolling='no' style='width:100%;height:600px;' sandbox='allow-same-origin allow-forms allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation'></iframe><div style='width:100%!;margin-top:4px!important;text-align:right!important;'><a class='flourish-credit' href='https://public.flourish.studio/visualisation/14951150/?utm_source=embed&utm_campaign=visualisation/14951150' target='_top' style='text-decoration:none!important'><img alt='Made with Flourish' src='https://public.flourish.studio/resources/made_with_flourish.svg' style='width:105px!important;height:16px!important;border:none!important;margin:0!important;'> </a></div>
The primary blocker from making wOETH suitable as a collateral type is the need for a OETH price feed oracle that is both highly reliable and readily available. Origin has an oracle in development that is awaiting audit and deployment. Ideally, there should be broader adoption of OETH across multiple exchanges, as there is currently a high reliance on the OETH/ETH Curve pool. As seen on July 30 when several Curve pools were hacked, essentially all OETH liquidity was temporarily removed as a precaution. To reduce the risk of accruing bad debt to the protocol in a similar future event, there should be emphasis on building liquidity on several venues.
Two particular strengths of OETH are its AMO strategy and withdrawal processing. The AMO strengthens the peg, ensuring OETH tightly tracks the price of ETH during normal operation. Because withdrawals are always available during normal operation (for a 0.5% fee), there is a strong assurance that OETH can be readily redeemed for a proportional share of its underlying LSD assets.
OETH poses a somewhat different risk profile than the LSD assets we have previously reviewed, including a compounded risk by having exposure to multiple underlying LSDs. Ultimately, so long as users appreciate the inherent risk of OETH exposure, with the introduction of the OETH price oracle, we believe wOETH can be adopted as a collateral asset.