wOETH - Yield Nest Collateral Risk Brief

# wOETH - Yield Nest Collateral Risk Brief ## Market Liquidity OETH on-chain liquidity is predominantly in Curve pools, to maintain its peg OETH utilizes an Automated Market Operations strategy (AMO) which expands and contracts supply of ETH and OETH depending on market conditions. Additionally the algorithmic market controller is used to optimize yield for OETH holders from LP reward. This creates a significant dependence on a single DEX. 2 centralized exchanges improve market depth (via MEXC and Poloniex) with both markets consistently facilitating a large proportion of daily OETH volumes. ## Token Volatility No significant depeg events were noted from underlying ETH, with daily returns and price differences (Liquid staking basis) being relatively similar or differing marginally over two 90 day periods observed in 2023 (7/1/2023 - 9/27/2024) and 2024 (4/25/2024 - 7/24/2024). ![311 OETH Liquid Staking Basis over 90 days](https://hackmd.io/_uploads/BkzX7ERo0.png) Source: [Coingecko Historical Data](https://www.coingecko.com/en/coins/origin-ether/historical_data) | 4/24/2024 - 7/23/2024 ## Smart Contracts OETH contracts are upgradable via a proxy and an implementation contract, preserving the state in the proxy contracts. Based on forked OUSD code, OETH inherits historic security audits performed on OUSD. 2 audits have been done that relate to OETH: [Perimeter, OETH Vault Fuzzing, March 2024](https://github.com/OriginProtocol/security/blob/master/audits/Perimeter%20-%20OETHVault%20-%20March%202024%20-%20Fuzzing%20Report.pdf) and [OpenZeppelin, OETH Native Staking, June 2024](https://github.com/OriginProtocol/security/blob/master/audits/OpenZeppelin%20-%20Origin%20SSV%20Native%20Staking%20-%20June%202024.pdf). 1 high risk finding was noted in the Perimeter audit based on potential rounding error vulnerabilities that relate to OETH redemptions which seems to be mitigated with an initial minimum exit fee and soon an async withdrawal process that will remove the need for a fee. 2 medium and 1 low severity risks were identified in the OppenZepplin audit which assessed OETH’s native staking strategy through an integration with SSV Network, a Decentralized validator technology service provider. 1 medium and the sole low severity concerns were resolved, while the remaining medium severity finding was acknowledged but now resolved. Since its transition from an ETH-index token to a liquid staking token, the recent nature and the limited number of these audits introduces potential unseen technical risks that should be noted. The technical [team](https://www.originprotocol.com/team) seem experienced and capable, notably Daniel Von Fange, a senior engineer in security and data analysis. ## External Factors/Dependencies OETH utilizes a custom price feed that accesses aggregated Chainlink data. The OETH/ETH oracle, an EACAggregatorProxy contract, is used as a trusted proxy for updating price feeds fetched from an underlying Chainlink aggregator. The contract has yet to be audited. The oracle hardcodes 1OETH = 1ETH, In the event of a OETH/ETH depeg, liquidations may be prevented. Native staking is enabled through SSV Network, the [NativeStakingSSVStrategy](https://etherscan.io/address/0x34edb2ee25751ee67f68a45813b22811687c0238) contract manages validators and staking operations on the network. Origin currently use P2P, a professional staking service provider, to manage their validators. Withdrawal options will soon expand to include async withdrawals (validator exiting queues to process redemptions) and an [Automated Redemption Manager](https://www.originprotocol.com/arm-announcement) (swaps based on lending rates and not on a bonding curve) to reduce dependency on the OETH vault for 1:1 withdrawals. ## Centralization Vectors The Origin team-controlled [strategist multisig](https://etherscan.io/address/0xf14bbdf064e3f67f51cd9bd646ae3716ad938fdc) controls important functions related to assets and protocol operations. The team-controlled [admin multisig](https://etherscan.io/address/0xbe2ab3d3d8f6a32b96414ebbd865dbd276d3d899) has significant influence over governance votes and therefore the outcomes of governance. The use of a single validator operator in P2P presents 3rd party centralization risk of staked funds, however since P2P provides services to over 130 institutional clients and has over $7.5B in TVL they should be considered a credible and low risk operator. ## Legal Status The website https://www.oeth.com/ states its original affiliation with Origin Protocol, the website is the property of Origin Protocol Labs, a legal entity domiciled in the Cayman Islands. Origin Protocol Labs neither issues nor operates OETH and has no involvement in token sales or its operations, the jurisdictional implications remain ambiguous. This indicates a potential vector for risk. ## Conclusion Liquidity and centralization present clear risks that should be highlighted, liquidity is concentrated in Curve but it should be noted upcoming avenues have been developed in the form of ARM and async withdrawals that reduce dependence on the OETH vault and Curve pools. The team retains significant controls over operations and governance. The presence of a custom Chainlink oracle, recent audits and historic low volatility indicate an asset that continues to make positive iterations since its transition from an ETH-index token to a pure liquid staking token which has materially improved OETH’s overall risk profile.