Want to read the full report? You can find it on our GitHub.
Following its successful audit by OpenZeppelin, Origin Ether launched on Mainnet on May 16th, 2023.
Security is a top priority for Origin DeFi, with over a dozen audits conducted for the protocol’s yield-bearing tokens over the past two years from OpenZeppelin, Certora, Solidified, and Trail of Bits. OETH uses over 95% of Origin Dollar’s codebase, allowing the protocol to take advantage of OUSD’s battle-tested smart contracts that have seen hundreds of millions of dollars flow through them.
OpenZeppelin is one of the top blockchain security firms, auditing companies such as Coinbase, Aave, The Ethereum Foundation, and beyond. This article aims to summarize OpenZeppelin’s findings, assuring users that Origin Ether’s code remains bulletproof.
Origin Ether earns holders top-of-market yield on ETH, directly in their wallets in the form of “up-only” rebasing. The protocol earns yield through exposure to liquid staking tokens (LSTs) and liquidity provision within DeFi. Rewards tokens earned in DeFi are swapped into OETH and auto-compounded in user wallets. Through strategic allocations of ETH and LSTs, OETH earns significantly higher yield than holding liquid staking tokens outright.
There are two primary features of Origin Ether’s yield strategy that contribute to the token’s elevated yield. Its Automated Market Operations (AMO) strategy utilizes protocol-owned liquidity to earn a greater share of rewards on Curve, while allowing the protocol to better maintain its ether peg and reduce slippage.
Another factor that elevates yield is Origin Ether’s rebasing dynamic. By default, OETH held in smart contracts does not earn yield. Instead, this yield is passed on to regular holder wallets, boosting yield earned for normal users.
A total of 10 issues have been found. Only 1 was marked as medium severity, while the rest were marked as low severity issues. The medium severity issue has since been resolved, as well as many low severity issues alongside it.
OpenZeppelin reported one medium severity issue: Data feeds utilized by Origin Ether may be outdated.
One of OETH’s techniques to resist a change in the mix of backing assets in the case of a depeg of one of these assets depends on Chainlink oracles. In the event that Chainlink stopped updating their oracles, OETH would no longer have this additional layer of resistance.
This issue was marked as medium severity, as funds were not at risk of being stolen, and the issue would only become a concern in the event of a depeg. OETH’s oracle use is designed in such a way that even if all oracles used were completely under an attacker’s control, the attacker would not be able to reduce the number of ETH equivalents backing other users’ funds.
In response to OpenZeppelin’s findings, Origin DeFi has added code to stop mints or redeems of OETH that use a particular token if that token’s Chainlink oracle has not been updated within a specified timeframe.
The best risk-adjusted returns in DeFi are only offered by protocols with bulletproof code.
Origin DeFi understands that smart contract risk is among the most prevalent risks in DeFi, so it maintains a security-first mindset for all its products and code deployments. All code is audited internally and externally before being deployed, and timelocks are in place to safeguard holders’ assets.
Origin DeFi has a continuous agreement with OpenZeppelin to audit all code changes to Origin Ether before they are deployed on Mainnet. This ensures that even the smallest changes are meticulously reviewed, leaving no room for error.
To start stacking ETH faster, mint OETH and watch your balance increase daily.