Nov 6, 2023
Source: DefiLlama
Since late September, OETH has experienced a drawdown in OETH supply. As can be seen below, this is attributable to a reduction in POL which had been allocated to the Curve AMO. ETH TVL in the system has remained fairly stable in an overall uptrend.
Source: OETH Analytics | Date: 10/18/2023
2.1.2 Transaction Volume
The transaction volume includes all on-chain operations, including mint, burn and all other methods. The average OETH transaction volume from July 1st to September 20th is $3,753,089. However, considering the impact of the Curve exploits, three specific days had significantly higher volumes (July 30th, August 1st, and August 3rd). The combined transaction volume for those three days is $175,332,550, constituting approximately 51.9% of the total transaction volume for the entire 90 days ($337,778,028).
Source: Etherscan and CoinGecko | Date: 7/1/2023 - 9/20/2023
The transaction count includes all on-chain token transfers. The average daily tx count over the 90 day window was 26.67/day with a minimum of 2 and maximum of 124.
Source: Etherscan and CoinGecko | Date: 7/1/2023 - 9/20/2023
2.1.3 DEX Volume
A very low trading volume is anticipated when considering the characteristics of OETH compared to its backing assets (ETH and ETH derivatives) and its yield generation (over 7%). Over the 90 days, the OETH on-chain trading volume exhibited occasional daily spikes.
OETH experienced consistently higher volumes in early June that has since dropped off, punctuated by brief spikes. The majority of trade volume has historically taken place in the Curve OETH/ETH pool where the majority of OETH liquidity resides.
Source: Dex Guru | Date: 3/27/2023 - 8/26/2023
2.1.4 Average Transaction Size
The average transaction size for the observed 90-day period (July 1st to September 28th, 2023) is 74.827 OETH, and "all-time" metrics for OETH transfers can be seen in the image below:
Source: Bitquery Explorer
2.1.5 Trading Volume to Market Capitalization Ratio
The daily trading volume to market cap ratio shows sustained trading activity during a one month period from July to August. It has since experienced brief spikes, which is likely related to AMO activities.
Source: CoinGecko - 30th June to 26th September, 2023
2.1.6 Active Addresses/Users
According to the Token Terminal methodology, an active user is an address that has interacted with at least one of the six Origin protocol smart contracts: OGV, OUSD, OETH, OUSD Vault, OETH Vault, and OUSD Flipper.
Over the past 90 days, the Origin protocol recorded 130 active users, averaging 1.44 active users daily. From July 1st to September 28th, there were 15 days when the protocol had no active users. The peak activity occurred on July 30th, with eight active addresses interacting with business-relevant protocol contracts.
Source: Token Terminal
2.1.7 User Growth
The number of OETH holder addresses increased by 3.72% last week and by 13.76% in the last 30 days.
Source: Dune Analytics - 4 October, 2023
2.1.8 DeFi Integrations
OETH has relatively few DeFi integrations at this time, with a significant proportion of the total supply in the Curve OETH/ETH pool. 69.2% of the supply (labeled "other" below) is held in EOA addresses, multisig wallets, or MEV bot contracts.
Source: Etherscan | Date: 10/16/2023
Curve OETH/ETH pool: The primary DEX that contains protocol owned liquidity via the AMO. Pendle SY-OETH: A yield futures platform that allows users to earn a fixed yield on their OETH and speculate on future yields. VaultCraft OETH: A yieldfarming protocol that accepts OETH deposits. Curve frxETH/OETH pool: A strategy was recently approved by Snapshot vote for this additional Curve pool paired with Frax frxETH.
2.2 Competitive Analysis Metrics
2.2.1 Market Share
The Origin ETH (OETH) token cannot be categorized as an ETH LSD token because OETH is backed with less than 50% of that asset type, primarily consisting of WETH allocated to the Curve AMO. This is in the process of changing, with Origin aiming to reduce AMO reliance to 25% or less of overall TVL. The approach taken in creating yield strategies is entirely different from the yields earned by issuers of ETH LSD tokens. Hence, they are not considered direct competitors.
DefiLlama categorizes OETH as a yield aggregator with primary competitors being Yearn and Beefy. Within this application category, OETH is the third largest platform by TVL. The closest direct competitor to OETH is perhaps Yearn's yETH, just launched in September 2023.
Source: DefiLlama | Date: 10/16/2023
2.2.2 Trading Volume Share in Total LSD Trading Volume
Not applicable, as OETH is a basket of liquid staking derivatives.
2.2.3 Protocol Staking Yield
OETH has historically offered highly competitive yields, although yields have been falling since inception. The higher yields are attributable to CRV and CVX rewards harvesting in the Curve pool, which is the primary strategy utilized by OETH.
Source: Dune Analytics
Compared to the styETH ETH Staking Index, a benchmark for ETH staking yields, OETH consistently outperforms. It likewise outperforms a competitor product by Yearn, yETH.
Source: DefiLlama and Compass FinTech
Compared to key LSD protocols, OETH has consistently outperformed in terms of yield.
Source: DeFiLlama | Date: 1/16/2023 - 10/16/2023
2.2.4 Slashing Rate
OETH holders are exposed to the underlying strategies and LSD tokens (e.g., slashing) deployed within the system. Given the intricate and evolving nature of these strategies and LSDs, understanding and quantifying the potential risk factors can be complex. Users must closely monitor the underlying assets and remain vigilant to system strategy changes. While the system is designed with robustness and security in mind, the complexity of its elements underscores the importance of cautious engagement and a thorough understanding of its operational mechanics.
2.3 Subsidization of Economic Activity
2.3.1 Existence of an Incentive Program
OGV is the governance and value accrual token for the Origin Dollar stablecoin (OUSD) and Origin Ether (OETH). Over 180 days, the cumulative USD value distributed as incentives for OGV stakers was $288,891 (as of September 29th, 2023). OGV can be staked as veOGV to earn governance rights for both OUSD and OETH and a share of the performance fees from both OUSD and OETH.
Source: Token Terminal
According to StakeDAO Votemarket analytics, Origin has been offering OGV incentives to boost emissions to the OETH/ETH pool that amount to around $30/week. In the most recent epoch, the value of incentives doubled.
Source: VoteMarket
Section 3: Market Risk
This section addresses the ease of liquidation based on historical market conditions. It seeks to clarify (1) the Liquid Staking Basis & Volatility of wOETH, and (2) the liquidity profile of the collateral. Market risk refers to the potential for financial losses resulting from adverse changes in market conditions.
This section is divided into 2 sub-sections:
3.1: Volatility Analysis
3.2: Liquidity Analysis
3.1 Volatility Analysis
3.1.1 Liquid Staking Basis (LSB)
OETH aims to remain pegged to the price of ETH, exposing holders to Ethereum's price movements while earning a stable yield. Since launch, OETH has maintained peg reasonably well.
The LSB (Liquid Staking Basis) represents the price difference between OETH (liquid staking token) and its underlying asset, ETH. It measures the deviation of the OETH price from the ETH price.
Source: CoinMarketCap data | Date: 6/30/2023 to 9/27/2023
There have been two brief depeg events: first on June 2nd to a price of .992 ETH and a deeper depeg on July 30 to .981 ETH. In early June, the peg was jeopardized by a large holder (victim of the atomic wallet hack) selling into the Curve pool. The pool balance was quickly restored. The second event was attributable to the Curve pool hacks when Origin temporarily pulled all POL from the pool.
The chart below is from Curve pool on-chain data.
Source: Curve OETH/ETH pool
3.1.2 Relative Volatility
The average daily return for 90 days is 1.77%, and the calculated annual volatility is 33.84%.
Source: CoinGecko
The most significant deviation in daily returns took place on July 30 when Origin temporarily pulled all POL from the Curve pool.
Source: CoinGecko
3.1.3 Yield Volatility
Daily OETH yield oscillated substantially from May to July, shortly after launch of the product. Yields have become much less volatile in recent months.
Source: DefiLlama from May 29th to September 28th - "all-time."
3.2 Liquidity Analysis
3.2.1 Supported DEXs and CEXs
OETH has a presence almost exclusively on Curve. It has no CEX listings.
Source: Nansen | Date: 10/3/2023
3.2.2 LSD Token Total On-chain Liquidity
The total OETH on-chain liquidity is $30,111,084 on October 3 and 97% share of total liquidity is on Curve DEX in the ETH/OETH pool with $59.85m TVL according to DexGuru.
Source: DexGuru | Date: 10/3/2023
3.2.3 Liquidity Utilization Rate
The OETH liquidity utilization rate (daily trade volume / liquidity) is usually quite low, with a large spike on July 30 when Origin removed all POL from the Curve pool temporarily.
Source: DexGuru
3.2.4 Leverage Ratio
OETH is not currently listed on any lending platforms.
3.2.5 Slippage
The DefiLlama slippage estimator (Token Liquidity) tool shows that a trade of $26,875,000 (16,306 OETH) over Paraswap will produce 1.33% trade slippage.
Source: DeFiLlama | Date: 10/3/2023
Section 4: Technological Risk
This section addresses the persistence of collateral properties from a technological perspective. It aims to convey, (1) where technological risk arises that can change the fundamental properties of the collateral (e.g. unresolved audit issues), and (2) do any composability/dependency requirements present potential issues (e.g. is a reliable pricefeed oracle available?).
This section is divided into 3 sub-sections:
4.1: Smart Contract Risk
4.2: Product and Layer Composability
4.3: Oracle Pricefeed Availability
4.1 Smart Contract Risk
4.1.1 Protocol Audits
A complete list of Orgin audits (including for OUSD) can be found here: https://github.com/OriginProtocol/security/tree/master/audits
Two notable audits were explicitly made on OETH:
Only low-security findings, besides an Oracle issue (date feeds may be outdated), were brought up, which was corrected.
Recently, OpenZeppelin audited the Balancer MetaPool Strategy. Several high and medium issues were brought up, which have all been acknowledged and addressed. Other audits on protocols systems and related strategies can be found here: https://docs.oeth.com/security-and-risks/audits
4.1.2 Concerning Audit Signs
Despite having undergone rigorous audits and being based on the OUSD code base, the OETH protocol encompasses many complex elements, increasing the potential smart contract risk. Additionally, the DeFi strategies employed within the system constantly evolve, with Origin capable of implementing or removing strategies as needed. This dynamic nature of the strategies add another layer of complexity and potential risk. There are several trust assumptions highlighted in the aforementioned audit reports:
The system relies on collateral maintaining an expected value, which can be undermined by potential slashing events.
A number of oracle price feeds are used which are relied upon to operate properly.
The Curve OETH/ETH pool and Convex booster contract are granted infinite approval to spend strategy assets and therefore trusted to operate properly.
4.1.3 Bug Bounty
Origin operates an active bug bounty program via Immunefi. The rewards, determined entirely by Origin Protocol, span from $100 to $1,000,000 in OUSD, with the maximum bounty set at $1M for critical smart contract vulnerabilities.
The program explicitly covers OETH and OUSD contracts. It emphasizes preventing issues like fund loss, yield loss, fund freezing, unauthorized admin actions, governance malfunctions, stolen transaction details, subdomain takeovers, harmful wallet interactions, and malevolent transactions. As of June 2023, Origin has disbursed a total of $155,850.
4.1.4 Immutability
The OETH contract architecture uses a proxy pattern that allows upgrading contract logic while preserving the state in the proxy contracts. The proxy contracts act as persistent storage, while the logic contracts can be replaced.
This enables the DAO to add features and fix issues through on-chain voting rather than needing to deploy entirely new contracts each time. The core proxy contracts, like the Vault, remain persistent, while the logic implementation contracts can be upgraded subject to a timelock.
More details can be found on the OETH contracts registry.
4.1.5 Developer Activity
Origin Protocol has over 20 repositories on GitHub. The main repo shows regular code activity and has over 3,000 commits. The core protocol engineers are actively maintaining and improving the system.
The chart below shows monthly unique developers and dev commits over time across all Origin products:
Source: DefiLlama
4.1.6 SC Maturity
The initial OETH contracts were deployed in May 2023. The system shares much of its code with OUSD, Origin's yield-bearing stablecoin launched in 2020. OUSD reached over $300m in TVL, providing battle testing for core components like the vault strategy interactions.
4.1.7 Previous Incidents
OETH, since its inception in May 2023, has managed to avoid any direct exploits or losses. However, specific incidents have shed light on its dependency on timely actions by the strategist multisig, as well as the potential hazards of incorporating unaudited strategies.
In November 2020, a reentrancy bug that went unnoticed led to a $7 million exploit of Origin's OUSD stablecoin. The codebase had yet to be audited at the time. The subsequent month saw the relaunch of OUSD, fortified by multiple audits and security enhancements. The Origin community fund compensated all affected users. While this incident is unrelated to OETH, it underscores the persisting risks associated with smart contracts, even post-audit, and testifies to the team's dedication to shielding users from losses.
In June 2023, the strategist multisig momentarily pulled out funds from a newly unveiled Morpho strategy, routing them back to the OETH Vault using the withdrawAllFromStrategy function. This swift move was in response to a detected potential flaw in Morpho's interest rate model. Once the matter was resolved, the funds were redeposited on June 14th. This incident illustrates the multisig's agility in reacting to potential threats by extracting funds from questionable strategies. It also stresses the perils of prematurely integrating unaudited strategies without adequate real-world testing.
Source: Origin Discord Server: #DeFi-Governance-Forum
On July 30th, 2022, several pools of the Curve protocol were compromised. Within an hour, the Origin team expeditiously coordinated the withdrawal of OETH funds from Curve strategies as a precaution while the investigation was still underway. Such incidents emphasize the pivotal role of the strategist multisig team's timely coordination in ensuring OETH's security.
While OETH users have not faced direct exploits leading to losses since the May 2023 launch, the platform's heavy reliance on the strategist multisig team introduces a possible central point of failure. Their coordination and responsiveness are essential to security. Incorporating new, unaudited strategies also opens the door to latent threats. As of early October 2023, Origin confirmed having renewed their retainer with OpenZeppelin and that all new strategies will be audited before deployment.
4.2 Product and Layer Composability
4.2.1 Dependencies
The OETHOracleRouter contract is set as priceProvider
in the OETH Vault. This contract sources Chainlink pricefeeds for all underlying assets and reward assets.
Source: DethCode: OETHOracleRouter
OETH relies on Chainlink price oracles to accurately evaluate the underlying LSD tokens and reward assets like CRV and CVX. This prevents overpaying for assets trading below the peg during minting/redeeming/harvesting.
The price feeds aim to ensure the protocol does not overpay for LSDs that may be trading below the peg. Since 1 OETH is intended always to be backed by 1 ETH, it may need to adjust the quantity minted or redeemed based on current market data. Additionally, when tokens are sold for additional yield, the protocol uses price feeds to check that price slippage does not exceed a reasonable bound.
Without sanity checks, inaccurate oracle prices could allow attackers to mint OETH at below-fair value if the LSD prices are manipulated downward or redeem OETH for excess collateral if LSD prices are pushed upward on the oracle, draining funds from the system. To prevent this, the OETH vault only uses oracles to penalize mints and redeems. This ensures the protocol gains or stays equal in stablecoin quantities, as a mint of 1 ETH of an LSD can never return more than 1 OETH and a redemption of 1 OETH will never return more than 1 ETH quantity of an LSD. While an attacker could exploit a depegged LSD and inaccurate oracle to alter the Vault's holdings, the protocol would profit if the LSD returned to peg. Overall, this approach protects against oracle manipulation risks in mints and redeems.
4.2.2 Withdrawals Processing
Users can permissionlessly redeem OETH for underlying assets through the Origin dapp or by calling redeem
directly from the Vault contract. Redemptions attempt to withdraw first from the OETH Vault. If insufficient liquidity exists in the Vault, it will attempt to drain funds from the active strategies. This ensures users can always exit with their share of collateral, even if strategies are loss-making. Withdrawals return a pro-rata share of the collateral basket, exposing users to a composite of the underlying LSD tokens like rETH, stETH, and frxETH. OETH cannot be redeemed for ETH directly.
4.3 Oracles Pricefeed Availability
4.3.1 Understanding the Oracle
The code and contracts for a custom OETH price oracle are in development in Origin Protocol's GitHub repository. The OETHOracle
and OETHOracleUpdater
contracts have not yet been audited or deployed on Ethereum mainnet.
OETH pricing data for the custom oracle comes primarily from the Curve OETH/ETH pool using the manipulation-resistant Curve Exponential Moving Average (EMA) oracle. The oracle is designed to be resilient against manipulation. The Curve EMA oracle prevents dramatic price changes compared to using the spot price.
In case the Curve EMA price is below what a user could receive from direct redemption, the oracle will return the aggregate redemption value. The OETH Vault floorPrice() gives a minimum redemption value for OETH, which acts as a price floor if market prices drop due to an attack. The OETHOracleUpdater accounts for the Curve EMA market price and OETH Vault floor price when calculating the final published OETH/ETH rate.
Origin will use Chainlink Automation to update the oracle daily and if prices deviate by 0.5%. The oracle will be deployed once external applications demonstrate a need for the on-chain OETH price feed. The decentralized dual data sourcing provides reliable, manipulation-resistant OETH pricing.
OETH Oracle Architecture The OETH Oracle provides on-chain pricing for OETH relative to ETH using data sourced from decentralized exchanges and the OETH Vault. It consists of two smart contracts - the OETHOracle stores historical price snapshots, while the OETHOracleUpdater aggregates data into new prices. The OETHOracle implements the Chainlink AggregatorV3Interface standard to serve price feeds to applications.
Source: OETH Oracle Solution Design
The OETHOracleRouter fetches price data for OETH's underlying assets from Chainlink oracles in 5 steps:
Step 1 - Define Chainlink price feeds: With function feedMetadata is specified which Chainlink feeds will be used for each asset (in OETH case - OETH underlying assets) and the maximum staleness allowed for the data of that price feeds.
Source: ContractReader
Step 2 - Fetch latest price feeds data: By calling the price (address asset) function with any of OETH's underlying assets address as argument, Contract first fetches the metadata for the Chainlink feed using feedMetadata. Then, it uses the Chainlink AggregatorV3Interface to fetch the latest price data.
Step 3 - Validate staleness: Then contract compare timestamp when is price feed updated (updatedAt) with maximal staleness value (maxStaleness).
Step 4 - Validate price range (MIN_DRIFT and MAX_DRIFT): Then the contract checks if OETH underlying price assets are within the defined price range.
Step 5 - OETHOracleRouter: The OETHOracleRouter smart contract is built on the OUSDOracleRouter contract codebase but has implementation differences. OETHOracleRouter denominates all underlying asset prices in ETH and does not do range checks as a "parent" contract
4.3.2 Token Liquidity and Distribution
Liquidity for the underlying LSDs like rETH, stETH, and frxETH is more widely distributed across DEXs. However, OETH itself remains highly concentrated on Curve. OETH is primarily liquid in Curve's OETH/ETH pool, which contains about 25% of the circulating OETH supply as of October 17. On the contrary, the amount of OETH on Uniswap is comparatively small, with approximately 100 ETH in the UniV3 pool 0.05%.
Recently, a proposal was submitted to Curve governance to add a gauge for a new frxETH/OETH pool. This proposal aims to increase liquidity and trading volumes for OETH and Frax's frxETH by incentivizing the pool through CRV emissions rewards.
The gauge would help attract more liquidity into Curve's frxETH/OETH pool if approved. This can improve overall OETH liquidity across venues, although the pairing with frxETH presents less utility. The proposal notes that a meaningful portion of the current ETH/OETH pool liquidity may migrate to the new frxETH pool if the incentives are approved.
4.3.3 Attack Vectors
The OETH/ETH pools have relatively low liquidity currently, making manipulation attacks more feasible. A temporary distortion on Curve could provide erroneous data to the oracle. Furthermore, high reliance on a single pool/DEX (Curve OETH/ETH pool) depends on reliable operation of the pool and the AMO strategy employed by the protocol.
The Chainlink oracles could theoretically be manipulated to provide inaccurate pricing data. However, each aggregated Chainlink price feed sources data from multiple independent nodes across multiple exchanges.
4.3.4 Associated Vulnerabilities
Bad Debt Creation: In a successful price feed manipulation attack, one direct impact could be the creation of bad debt for the Protocol. Lending protocols rely on accurate price feeds to maintain appropriate collateralization ratios. If the price feed is manipulated to reflect an inaccurate price, attackers may perform malicious actions to create bad debt.
Faulty Liquidation: If an oracle is manipulated to drastically lower the price of a collateral asset in a lending protocol, it could trigger unjust liquidations of user positions, causing financial losses and disrupting the normal operations of the protocol.
Section 5: Counterparty Risk
This section addresses the persistence of wOETH’s properties from an ownership rights perspective (i.e. possession, use, transfer, exclusion, profiteering, control, legal claim). The reader should get a clear idea of (1) who can legitimately change properties of the collateral (e.g. minting additional units) and what their reputation is, (2) the extent that changes can be implemented and the effect on the collateral.
This section is divided into 3 subsections:
5.1: Governance
5.2: Economic Performance
5.3: Legal
5.1 Governance
5.1.1 Governance Scope
OGV token holders govern the OETH smart contracts through on-chain voting. This governance mechanism allows OGV stakers to submit and vote on proposals to upgrade contracts, adjust parameters, or make other changes to the protocol.
Any address holding at least 10,000,000 vested OGV (veOGV) can submit a proposal. A minimum of 20% of the total veOGV supply is required to reach a quorum for a vote to succeed. There is no minimum token requirement to vote on existing proposals.
Once a vote succeeds, there is a 48-hour timelock period before the proposed changes can be executed. This delay gives users time to react to any proposal outcomes they disagree with.
Source: Origin's governance hub
5.1.2 Access Control
The contracts' access controls are managed by the governor
and strategistAddr
roles specified in the system contracts. The governor
is responsible for critical functionality which includes upgrades to system contracts and governance management of the timelock contract. The strategistAddr
manages operations pertaining to vault strategies.
The governor
was previously set to a team-controlled 5-of-8 admin multisig, but has been transferred to the DAO-controlled OUSD governance contract as of this vote execution on July 3, 2023. The strategistAddr
is set to a team-controlled 2-of-9 strategist multisig. The identity of these signers is not disclosed. Origin claims they are all unique, trusted individuals with close ties to Origin.
Admin 5-of-8 multisig: 0xbe2AB3d3d8F6a32b96414ebbd865dBD276d3d899
Strategist 2-of-9 multisig: 0xF14BBdf064E3F67f51cd9BD646aE3716aD938FDC
Signers (same for both):
Strategy operations (e.g., adjusting funds among strategies or temporarily stopping deposits) require less time and fewer authorizations, enabling the Origin team to respond swiftly to changes in market circumstances or potential security issues. Strategists can carry out a restricted set of functions with the approval of only 2-of-9 authorized signers. The strategist can only allocate funds between previously approved strategies. DAO-governance can set the strategistAddr
role, if needed.
The strategist multisig can do the following actions on the Vault:
depositToStrategy
- deposit multiple assets from the Vault into the strategy.withdrawFromStrategy
- withdraw multiple assets from the strategy to the Vault.setVaultBuffer
- adjust the funds held outside strategies for cheaper redeems.setAssetDefaultStrategy
- which strategy mints and redeems pull from for a particular strategywithdrawAllFromStrategy
- remove funds from a single strategy and send them to the VaultwithdrawAllFromStrategies
- remove funds from all active strategies and send them to the VaultpauseRebase
- pause all rebasespauseCapital
- pause all mints and redeemsunpauseCapital
- allow all mints and redeemsswapCollateral
- swaps collateral assets sitting in the Vault
5.1.3 Distribution of Governance Tokens
According to the Governors Leaderboard from the OUSD Governance portal, one address has over 50% of veOGV voting power and is the Origin team-controlled admin 5-of-8 multisig. Only 27 unique addresses have voted on any proposals. Although technically governed by a DAO, the team clearly retains unilateral power to govern the protocol.
Source: OUSD Governance portal
5.1.4 Proposals Frequency
Since June 20th, 2022, Origin DAO (initially only responsible for OUSD governance) has put forth 104 proposals. From that date to the present (October 6th, 2023), Origin DAO has introduced a new proposal approximately every 4.54 days. Although this seems frequent, the majority of these DAO proposals pertain to yield strategy optimization. Additionally, the Origin team multisig controls the majority of the voting power, making these proposals appear more like formal announcements for specific changes.
Out of the 104 proposals, 96 were decided off-chain on the Snapshot platform, one served as a "temperature check," and seven proposals were deliberated on-chain (sources: Messari and DeepDAO).
5.1.5 Participation
According to data from Messari, a total of 96 proposals first went through off-chain Snapshot voting. There have been a total of 18 proposal authors, and in the off-chain voting process there have been 70 unique voter addresses (metrics do not include addresses which delegated to them). The off-chain proposal pass rate is 62% (not counting missed quorum).
Source: Messari Governor
5.2 Economic Performance
5.2.1 Revenue Source
The protocol charges a 20% performance fee on all yield earned. It has historically reinvested all protocol revenue into acquiring governance stake in "flywheel assets" such as CVX to boost emissions to the OETH pools. As of a recent Snapshot vote, a portion of the revenue may be allocated to buying back Origin's OGV governance token.
5.2.2 Revenue
Origin's revenue from OETH can be tracked in real time on the Dune dashboard. As of October 6th, 2023, Origin has generated over 130 OETH (≈$211,460) in revenue.
Source: Dune Analytics
Source: Dune Analytics
5.2.3 Net Profit
Information is not available on operating costs.
5.3 Legal
5.3.1 Legal Structure
The website https://www.oeth.com/ states its original affiliation with Origin Protocol. The Terms of Service, which can be directly accessed from the website's landing page, are connected to https://www.originprotocol.com/tos. The referenced document asserts that the website is the property of Origin Protocol Labs, a legal entity domiciled in the Cayman Islands.
Concerning the ownership structure of Origin Protocol Labs, our efforts to uncover detailed information have needed to be improved by the fee-gated access imposed by the Cayman Islands General Registry. Without this data, a complete understanding of the entity's operational and ownership dynamics remains elusive.
5.3.2 Licenses
In our risk assessment of wstETH, we outlined the regulatory framework governing staking service providers domiciled in the Cayman Islands.
The Cayman Virtual Asset Service Providers Act (VASP Act), revised in 2020, established a comprehensive regulatory registration and licensing system for VASPs. This Act enforces FATF Recommendation 15 (New technologies), focusing on international standards to counter money laundering, financing of terrorism, and proliferation. Every blockchain-based token that can be technically transferred or exchanged falls under the definition of a virtual asset according to the VASP Act, regardless of its programmed properties or intended use. The Act does not differentiate between what are typically referred to as utility tokens, security tokens, and stablecoins. However, "virtual service tokens" are not considered virtual assets. The VASP Act excludes "virtual service tokens," which are "a digital representation of value which is not transferable or exchangeable with a third party at any time and includes digital tokens whose sole function is to provide access to an application or service or to provide a service or function directly to its owner."
Currently, there are no extant restrictions or prohibitions on the staking of tokens, as imposed by the regulatory authorities in the jurisdiction or as stipulated in the applicable legal statutes.
5.3.3 Enforcement Actions
The SEC maintains that the Origin Protocol does not appear on the public Crypto Assets and Cyber Enforcement Actions List. Furthermore, we have yet to find specific information on lawsuits against Origin Protocol brought by other regulators.
5.3.4 Sanctions
In light of our inquiry regarding the safeguards implemented to ensure compliance with the most recent sanctions designations, the team explained that OETH's front end is unavailable in the US. Furthermore, they have instituted robust operational protocols to prevent access to front-ends from all countries subject to sanctions administered by the Office of Foreign Assets Control (OFAC). A list of different sanctions programs is available here.
5.3.5 Liability Risk
The front end is distinctly offered on an "as-is" and "as-available" basis. Origin Protocol Labs and its suppliers disclaim all warranties and conditions, whether express, implied, or statutory. This includes disclaiming warranties of merchantability, fitness for a particular purpose, title, quiet enjoyment, accuracy, and non-infringement. The explicit absence of warranties extends to the uninterrupted, timely, secure, error-free availability of the website, as well as its accuracy, reliability, completeness, legality, and safety.
A stringent limitation on liability is instituted. Origin Protocol Labs is not liable for lost profits, data, and costs associated with substitute products or any indirect, consequential, exemplary, incidental, special, or punitive damages. This limitation prevails even if Origin Protocol Labs has been apprised of potential damages and the use of the front-end is expressly at the user's risk. Users are solely responsible for any damages to their device or computer systems or data loss resulting from the front-end usage. Origin Protocol Labs's liability is capped at $50, a constraint that remains unaltered by multiple claims.
ToS provisions detail an agreement regarding resolving disputes through arbitration rather than jury trials or class actions. The American Arbitration Association (AAA) or an alternative dispute resolution provider oversees the arbitration if AAA is unavailable. The arbitrator has the authority to decide the rights and liabilities of the involved parties and is empowered to grant motions and award monetary and non-monetary reliefs. Awards and decisions are provided in writing, with the arbitrator possessing similar authority as a judge in a court of law.
The parties waive their rights to a jury trial, electing for all disputes to be resolved by arbitration, which is typically a more limited, efficient, and less costly process. All claims must be litigated or arbitrated individually, not on a class basis. Defamation claims, Computer Fraud and Abuse Act violations, and infringement or misappropriation of intellectual properties are exempt from arbitration. If litigation occurs in court, the parties consent to the jurisdiction of courts located within Grand Caymans.
While Origin has implemented stringent measures to mitigate liability, it is not entirely immune from risks. Jurisdictional variations, the potential unenforceability of clauses, and the inherent challenges associated with arbitration, including costs and the finality of decisions, underscore the complexities.
5.3.6 Adverse Media Check
We conducted an open-source search encompassing money laundering, corruption, sanctions exposure, threat financing, or involvement in illegal activities to identify allegations or reports associated with Origin Protocol that reputable news outlets and other publications have published.
This inquiry yielded no evidence or indications that Origin Protocol has been implicated or convicted in such nefarious activities. Our search did not unveil any sources directly addressing or reporting legal complications, regulatory confrontations, or adverse information relating to the Origin Protocol. Consequently, based on the currently available public information, Origin Protocol does not appear to have any documented involvement in activities that would breach legal or ethical standards.
Section 6: Risk Management
This section will summarize the findings of the report by highlighting the most significant risk factors in each of the three risk categories: Market Risk, Technology Risk, and Counterparty Risk.
6.1.1 Market Risk
LIQUIDITY: Does the token have a liquid market that can facilitate liquidations in all foreseeable market events?
OETH faces liquidity risk as its market depth resides almost exclusively in the Curve OETH/ETH pool. Expanding across DEX venues can improve resilience. Thanks to active liquidity management from the Curve AMO, there has historically been a significant amount of the token supply available on exchange. This assumption should be monitored, as a recent vote passed to reduce reliance on the AMO to a maximum 25% of system collateral.
According to Dex Guru, OETH on-chain liquidity has declined by over 50% in a two week time period since October 13. As of October 17, a ~$13m swap from OETH to ETH produces a 1% slippage, according to the DeFiLlama Token Liquidity tool.
VOLATILITY: Has the asset had any significant depeg events?
The AMO aims to maintain the 1:1 OETH/ETH peg during normal conditions. However, issues with underlying strategies or dependent platforms could cause instability in the peg. This was realized briefly on July 30 when all OETH POL was temporarily removed from the Curve pool during the Curve pool hack, causing OETH to trade at a 2% discount to ETH.
As new yield strategies are added via governance votes, OETH's risk profile evolves dynamically. Problems with strategies could induce volatility and peg deviations. OETH's intricate strategies and dependence on external protocols may increase its volatility risk compared to simpler LSD models. Changes to strategies, governance actions, and issues with dependent platforms warrant close monitoring to assess impacts on market risk.
6.1.2 Technology Risk
SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?
Smart contract risk is elevated due to the intricate strategy interactions. Although the code has been audited by multiple external firms, the dynamic nature of strategies being added/removed increases potential vectors.
The Origin team has expressed a commitment to have audits for all added strategies and has been fairly conservative with implementing additional strategies. Furthermore, the OETH contracts are based on OUSD which has been in production since 2020, improving the maturity of the system. There is also an active bug bounty program with ImmuneFi.
DEPENDENCIES: Does the analysis of dependencies (e.g. oracles) suggest any cause for concern?
The OETH system depends on the integrity of both Chainlink price feeds and Frax's custom on-chain oracle (in the case of frxETH) during minting, redemption, and harvesting. There are sanity checks to ensure the system never prices a normalized unit price for more than one unit of OETH/OUSD when minting and never gives out more than one normalized unit amount per OETH during redemption.
OETH also leverages DeFi platforms such as Aave, Compound, and Curve, introducing notable smart contract risks. While the team collaborates with platforms managing billions in assets and conduct due diligence regarding their security, there is no absolute certainty of their continued flawless operation. Any malfunction in these underlying strategies could potentially result in a loss for OETH holders.
The only OETH pricefeed available is from the Curve pool EMA, which creates a dependence on this liquidity venue for any lending protocol integrations. Origin is developing a custom OETH oracle that will use the curve EMA unless that price is below what you could redeem directly from the OETH vault, in which case it totals up the prices of what could be withdrawn from the vault for OETH. This custom oracle has not yet been audited or deployed.
Withdrawal processing risk is low since users can exit strategies directly at any time for a pro rata share of all constituent collateral assets. The risk lies primarily in the performance of the underlying strategies, since failure associated with a strategy or the associated LSD token may impact the redemption value.
6.1.3 Counterparty Risk
CENTRALIZATION: Are there any significant centralization vectors that could rug users?
Centralization risk is currently significant. The team-controlled strategist multisig wields considerable control over assets and operations. Although the governor role was transferred to DAO governance in July, the team-controlled admin multisig continues to make up over 50% of the overall vote power. While the transition to on-chain governance is commendable, the diffusion of vote power should be monitored to ensure a transition over time to genuine decentralized governance.
Multisigs, when employed properly, can enhance security. Distributing and diversifying the critical signing process among numerous participants, primarily external entities, can heighten this security. However, OETH's low signing threshold (2-of-9) may expose it to increased risk, as there are more opportunities for keys to become compromised. On the other hand, the addition of new strategies is now managed by the DAO and undergoes a 48h timelock.
LEGAL: Does the legal analysis of the protocol suggest any cause for concern?
A legal risk is associated with the protocol control held by multisig signatories. The identities and jurisdictions of these signers are not disclosed, making regulatory exposure unclear. Although the team has clarified that Origin Protocol Labs neither issues nor operates OETH and has no involvement in token sales or its operations, the jurisdictional implications remain ambiguous. They assert that OETH operates under a fully decentralized system without any single entity or group's oversight. Based on this, they believe they do not fall under the Cayman's VASP Act's purview, as they neither act as a Virtual Asset Service Provider nor engage in any services defined in the Act.
6.1.4 Risk Rating
The following chart summarizes a risk rating for wOETH as collateral based on the risks identified for each category. The rating for each category is ranked from excellent, good, ok, and poor.
We rank wOETH as ok on liquidity because most of its liquidity resides in the Curve OETH/ETH pool, making access to liquidity highly reliant on a single liquidity venue.
We rank wOETH as good on volatility because while the complex interactions between strategies and reliance on external protocols increase potential depeg risk, the protocol makes significant use of an AMO that should manage the peg during normal operation.
We rank wOETH as ok on smart contracts because although the code has undergone rigorous audits of the proven OUSD codebase, the system fundamentally relies on dynamic strategies. Bugs may be introduced in strategy updates, increasing uncertainty of smart contract security, despite the stated effort of the team to thoroughly audit new strategies.
We rank wOETH as ok on dependencies because the only OETH price feed available is the Curve pool EMA, which although has been audited it is a new design and creates a reliance on the Curve liquidity venue. Origin has a custom oracle based on the EMA in development but it is not yet ready for deployment.
We rank wOETH as ok on decentralization as most access controls, including timelock, now rests with token holders (although the team has majority governance power), and the strategist multisig maintains a notable influence over its operations.
We rank wOETH as ok on legal due to the regulatory framework in the Cayman Islands, but concerns arise from unclear licensing and ownership. More reliance on ToS clauses can create enforceability doubts. For clearer legal standing, it is crucial to have explicit user acknowledgments of risks tied to DeFi activities. This specificity strengthens the clarity of general terms and the validity of disclaimers, reducing ambiguities and potential legal issues.
The primary blocker from making wOETH suitable as a collateral type is the need for a OETH price feed oracle that is both highly reliable and readily available. Origin has an oracle in development that is awaiting audit and deployment. Ideally, there should be broader adoption of OETH across multiple exchanges, as there is currently a high reliance on the OETH/ETH Curve pool. As seen on July 30 when several Curve pools were hacked, essentially all OETH liquidity was temporarily removed as a precaution. To reduce the risk of accruing bad debt to the protocol in a similar future event, there should be emphasis on building liquidity on several venues.
Two particular strengths of OETH are its AMO strategy and withdrawal processing. The AMO strengthens the peg, ensuring OETH tightly tracks the price of ETH during normal operation. Because withdrawals are always available during normal operation (for a 0.5% fee), there is a strong assurance that OETH can be readily redeemed for a proportional share of its underlying LSD assets.
OETH poses a somewhat different risk profile than the LSD assets we have previously reviewed, including a compounded risk by having exposure to multiple underlying LSDs. Ultimately, so long as users appreciate the inherent risk of OETH exposure, with the introduction of the OETH price oracle, we believe wOETH can be adopted as a collateral asset.