Addendum to Collateral Risk Assessment - Wrapped Origin ETH (wOETH)

Addendum to Collateral Risk Assessment - Wrapped Origin ETH (wOETH)

Addendum to Collateral Risk Assessment - Wrapped Origin ETH (wOETH)

Aug 12, 2024

Update No: 1

Referenced Report: Collateral Risk Assessment - wOETH

The following addendum references the PrismaRisk assessment of wOETH published on Nov 7, 2023. This update report seeks to present the latest insights and developments from the initial risk assessment of wOETH as of July 19, 2024.

The addendum serves to offer additional context, analysis, and updates that have emerged since Nov 6, 2023. References to the initial report will be made throughout.

Our review will follow the same format set out in the initial report. Sections and subsections that saw relevant changes are presented.

Section 1: Protocol Fundamentals

Key metrics as of July 19, 2024 compared to the values from the original report from October 3rd, 2023.

Sources: Etherscan, OETH Analytics & Origin DeFi Grafana Dashboard

1.1 Description of the Protocol

Prior to a March 2024 redesign vote, OETH was an ETH-backed, yield-generating token that sought to maximize staking rewards by employing strategies involving liquid staking derivatives (LSD/LST) such as rETH, stETH, and sfrxETH, combined with an algorithmic market operations controller (AMO).

The token has since pivoted into being a liquid ETH staking token that aims to have a tighter peg to ETH, greater security and higher yields relative to other LSTs. The new composition includes the following infrastructure and design changes:

Decentralized validator technology (DVT): through the integration of the SSV Network, an ETH staking network based on Secret Shared Validator (SSV) technology that allows validator keys to be generated and split into multiple KeyShares and distributed to nodes that then operate the validator. This is in contrast to some other LSTs that operate with “in-house” validator and operator systems. The security benefits of this staking infrastructure choice include improved fault tolerance with multiple nodes operating a validator (reduced slashing risk) and non-custodial staking (validator keys stored offline).

Redemptions: previously redemptions from the Vault returned an equal value of every supported asset (WETH, frxETH, rETH, stETH), but now solely redeems WETH. According to the balance sheet, all underlying assets are ETH and protocol-owned OETH, with a majority natively staked on the beacon chain. A new Automated Redemption Manager (ARM) is currently in development for use with OETH, and is designed to allow for zero slippage swaps of redeemable assets.

1.1.1 Underlying Collateral

OETH remains backed 1:1 by ETH; the change to an LST model resulted in the divestment of previously held positions in other LSDs (sfrxETH, stETH & rETH) and discontinuation of lending strategies (as can be seen below). ETH proceeds were gradually staked following an initial investment window.

Source: OETH Analytics | Date: 7/20/2024

Market making via the AMO remains the sole strategy utilizing collateral, i.e., maintaining the peg in the Curve OETH/ETH pool through periodic liquidity rebalancing, and subsequently generating additional yield in CRV and CVX. This strategy is similar to the one employed by frxETH, which also involves an AMO strategy to manage the frxETH peg. Such strategies reinforce confidence in the protocol's ability to honor immediate redemptions at reasonable prices through secondary markets.

AMO exposure was previously set to ‘25% or less of TVL’ via a vote and this target seems to have remained within this range at time of writing. When looking at Convex collateral and total liabilities (OETH circulating supply + protocol owned liquidity) on OETH’s balance sheet for 07/21/2024 and a week prior (07/14/2024), exposure was at approx 18% and 20% respectively.

Source: OETH Analytics - Balance Sheet | 07/21/2024 & 07/14/2024

1.1.2 Yield Accrual Mechanism

OETH yield was previously generated through exposure to LSDs (native staking yield), lending strategies (e.g. Morpho Aave WETH lending), and market making (e.g. farming the Curve OETH/ETH pool). Yield is now sourced from native staking, SSV rewards and market making. Native staking ETH yield or Validator rewards accrue in 2 ways:

  • Consensus Layer Rewards: sent directly to the stakers withdrawal address.

  • Execution layer rewards: priority fees and MEV rewards. Rewards are sent directly to a pre-specified fee recipient address (default is staker account owner address). A cluster consensus is required on the recipient address each time rewards are distributed.

As of 07/21/2024, SSV Network is running a limited-time incentive program for validators that rewards validators with $SSV tokens based on a tiered performance system. The NativeStakingSSVStrategy contract swaps SSV rewards (validator rewards and $SSV) for ETH.

Protocol earnings are directed to the Dripper contract in the form of WETH. Yield distribution is delayed to smooth out otherwise varying yields and to prevent front running. Previously, the dripDuration (yield distribution) was configured to 3 days but has now been set to 7 days as of January 18, 2024.

1.1.3 Provider Fee

A 20% performance fee and 0.5% exit fee were charged in the previous yield-generating model. For context, a performance fee is charged on each rebase and an exit fee charged when OETH is redeemed directly from the OETH Vault.

Following the vote to apportion the performance fee that was previously solely used to buy CVX, the split is now 50% used to buy back OGN on the open market to be distributed as additional rewards for stakers, while the other 50% going towards acquiring flywheel tokens (CVX) to boost yield generation.

The 0.5% exit fee has since been reduced to 0.1%, due to “additional defenses against de-pegging that are no longer relevant” but still protects the protocol from any malicious attacks that could theoretically result from rounding errors (see section 4.1.2). The fee does not apply to a newly introduced async withdrawal system and is expected to be fully deprecated.

1.1.4 Node Operator Set

ETH reserves are staked using distributed validator technology (DVT) enabled by an integration with SSV Network. Validator keys are encrypted, split into Multiple KeyShares (Min 4) and distributed to non-trusting nodes. Multi-Party Computation (MPC) is utilized to allow KeyShares to be distributed to node operators to perform validator computation duties without reconstructing the validator key on any single device.

SSV node operators are then selected by stakers to become part of a ‘Cluster’ to receive a KeyShare and operate their validator. There are 3 types of node operator classifications:

  • Verified Operators (VOs): DAO-curated list of reliable and high-performing operators. Based on experience, performance and background checks. The Verified Operator Committee (VOC) is responsible for screening and nominating new verified operators.

  • Permissioned Operators: Operators choose to authorize only a list of wallet addresses to register validators to them.

  • Public: Node operators that are neither Verified nor Permissioned.

Origin currently uses Permissioned Operators from P2P, a professional staking service provider (2.25% of total ETH stake). As the sole cluster operator, P2P supports various liquid staking protocols across multiple blockchains. 30-day operator performances range between 98% - 99%.

Source: Origin DeFi Grafana Dashboard

Individual KeyShares can’t sign a duty alone, but not all nodes for a validator are needed to sign if some are faulty (see section 1.1.5 for ‘fault tolerance’ description). In the case of node operators who behave maliciously, details on sanctions for operators that are relevant to SSV operations are limited. Available info does state that operators found to have double signed are “permanently disqualified from participation and rewards”.

Source: SSV Network - Q&A

1.1.5 Validator Selection

To run a validator, KeyShares must be distributed to a cluster of selected node operators. The selection of node operators is determined by stakers and customization is based on their own preferences.

The number of nodes per cluster is determined by a minimum fault tolerance desired. As mentioned in section 1.1.4, not all nodes are required to sign data, in the event where 1 or more nodes go offline, the remaining nodes can fulfill signing duties. This is based on the Istanbul Byzantine Fault Tolerance (IBFT) algorithm. SSV allows for a minimum fault tolerance based on a 3f+1 formula where ‘f’ is the number of faulty operators that a cluster could endure (more operators, greater fault tolerance).

1.1.6 Validator Collateralization

Validators are required to provide the 32 ETH for a Beacon Chain validator key to be generated and KeyShares distribution. Staking with SSV is non-custodial, with validator keys and withdrawal keys remaining private.

In addition to selecting preferred operators to form a Cluster, the cost of managing validators needs to be funded with the network’s native token SSV. An appropriate balance of SSV is required to cover:

  1. Operator fees: desired amount is set by individual operators, and therefore varies.

  2. Network fees

  3. Liquidation collateral: to ensure a sufficient balance to cover operational costs prior to liquidation if operational balance runs out (runway).

Source: SSV docs - Cluster

Operator and Network fees are grouped as 'Operational runway' when considering the appropriate Cluster balance in addition to the Liquidation collateral. Cluster funding formula:

Source: SSV Docs

1.1.7 Governance Model

Previously, Origin DAO governed OETH contracts (OETH Governor contract and OETH Vault proxy contract) through OGV, the protocol’s governance token, and more specifically veOGV, staked OGV.

Since a proposal to merge OGV and OGN passed in April 2024, OGN governance and value accrual mechanisms seen in OGV, including the ability to stake OGN for vote-escrowed OGN (xOGN) for governance and economic rights were absorbed into OGN.

As a part of the new xOGN tokenomics, holders will also have value-accrual and governance rights over Origin’s new Automated Redemption Manager (ARM) product (see section 1.2.1 for more details on ARM). The strategist 2-of-9 multisig described in the initial report continues to manage the rebalancing funds between strategies, withdrawals and pausing deposits. These signers are called ‘Guardians’.

Much of the governance model changes involve the consolidation of OGV into OGN and the removal of yield strategies that relate to other LSTs, but much of the parameters and procedures remain the same.

1.2 System Architecture Diagram

1.2.1 Network Architecture Overview

The design change to liquid staking has meant the discontinuation of other LST involvement in the form of collateral (frxETH, sfrxETH, rETH, stETH) and yield-generating strategies in the protocol’s architecture. As described in the initial report, the OETHVault accepted user deposits and minted OETH against frxETH,rETH, stETH and WETH. Depositing and minting would happen in conjunction with the Zapper contract for ETH and sfrxETH, which were not supported directly via the vault.

As described in section 1.1.1, collateral funds are now utilized for native staking through SSV network and AMO strategies (yield generation & price stabilization). The OETH Vault still plays the important role of taking deposits but now only accepts WETH as collateral. ETH can be deposited by users through the dApp but will be routed and converted into WETH before minting.

OETH redemption from the vault has since been reduced from 0.5% to 0.1%, OETH vault's redeem function takes any amount of OETH and burns it in exchange for WETH at a rate of 1:0.999. This redeem process is gradually being deprecated by a newly introduced async withdrawal process and an upcoming Automated Redemption Manager (ARM).

At the time of writing, the ARM is currently under development. This product is currently in its early stages and is intended to offer zero slippage swaps for OETH and other redeemable assets (1:1 exchange rate). As it has yet to be fully implemented within OETH, a brief description of the product and its implementation results will only be presented here. Billed as a ‘cross between an AMM and an isolated money market’, asset prices are benchmarked against lending rates (in this case ETH) used on money markets such as Aave rather than pricing using a bonding curve. This presents an alternative scenario where LST holders have more capital-efficient avenues to instantly redeem for ETH instead of waiting for redemption queues (unstaking periods) or accepting less ETH through traditional AMM (e.g. varying curves and slippage for larger swaps). Over the last 12 months (from 07/22/2024) average borrow APY for ETH on Aave V3 is 2.60%.

As part of a beta-testing rollout, ARM has been integrated into 1Inch (stETH to ETH) and CowSwap and has generated over $470M in swap volume (daily adjusted price of ETH) since it launched in Dec 2023. Additionally, according to the Dune ARM-v1 data, the ARM trade price for stETH/WETH swaps has mainly been around 0.998 - 0.999.

Source: Dune - Origin ARM V1

Source: Dune - Origin ARM V1

As an alternative to redemption waiting periods and slippage from AMM swaps, ARM presents a more efficient way for holders to instantly redeem OETH and could be a driving factor in greater OETH adoption since its design change.

1.2.2 Architecture Diagram

The latest diagram of the OETH contracts:

Source: Contract Registry and Dependencies Chart

The following diagram shows the current overall value flow within the OETH system since the design change. See the Origin GitHub for a further breakdown of each category within the value flow.

Source: Origin GitHub

1.2.3 Key Components

Changes noted in this section will briefly describe the state of these components in the initial report and present how they have changed.

OETH Vault

Initial Report: The vault minted and burned OETH from WETH, frxETH, rETH, and stETH. The contract had custody over deposited funds and stored various strategies. OETH redemptions from the Vault returned an equal value of every LSD at a 0.5% exit fee.

Change: The vault now only mints and burns OETH from WETH. Querying the getAllStrategies function, 5 strategies are stored however 2 of the strategies (Morpho Aave V2 WETH Strategy and Lido Withdrawal Strategy) have been deprecated according to Origin docs, while 3 (First Native Staking Strategy, Convex ETH+OETH (AMO) Strategy and Second Native Staking Strategy) remain active, as shown in section 1.2.2. OETH redemptions exchange for WETH at a rate of 1:0.999 owing to the 0.1% fee. This redemption mechanism is in the process of being replaced by async withdrawals and ARM immediate swaps 1:1 with no fee.

Strategies

Initial Report: strategies associated with the OETH Vault included, ConvexEthMetaStrategy, FraxETHStrategy, OETHMorphoAaveStrategy, OETHBalancerMetaPoolwstEthStrategy.

Change: strategies include ConvexEthMetaStrategy, First Native Staking Strategy and Second Native Staking Strategy. The Native Staking Strategies interface with SSV Network for native staking duties e.g. validator/cluster and rewards management.

AMO

Initial Report: AMO deposits funds into the Curve pool and allocates liquidity to both sides of the pool (ETH and OETH). Its primary function is maintaining the peg, enhancing capital efficiency and optimizing yields for OETH holders (yield farming CRV and CVX tokens)

Change: Functionally the same.

Oracles

Initial Report: OETH relies on Chainlink oracles to ensure accurate pricing of all LSD tokens (except frxETH) during deposit and withdrawal. Oracles are also used when selling reward tokens for additional yield and OGV buybacks.

Change: Most of the price feeds used are no longer relevant to protocol asset pricing besides a custom Chainlink price feed OETH/ETH, CRV/ETH and CVX/ETH price feeds related to reward tokens. OGV buybacks are now OGN buybacks since the merger.

The Zapper

Initial Report: Minting of OETH using ETH and sfrxETH.

Change: Mints OETH using ETH only now.

The Harvester and Dripper

Initial Report: Harvester collects rewards earned by the strategies, sells them for WETH, and forwards the proceeds to the Dripper contract. Yields are gradually distributed to OETH holders over three days.

Change: functionally the same, but distribution now occurs over 7 days.

Wrapped OETH

Initial Report: ERC-4626 compliant wrapped version of OETH, which appreciates while maintaining a fixed quantity. As opposed to OETH which is a rebasing token. wOETH was a marginal token with very few holders.

Change: functionally still the same, wOETH holders have doubled but wOETH still remains a marginal token accounting for 11% of total supply. Relative to the initial analysis, this represents a slight decline of ~2% following a prolonged single digit percentage period between Dec 2023 and May 2024.

Source: Origin Analytics - Percentage of wrapped OETH

Section 2: Performance Analysis

2.1 Usage Metrics

2.1.1 Total Value Locked (TVL)

Source: DeFiLlama - OETH TVL

Looking at Origin Analytics, Protocol owned liquidity (POL) continued to decline and now represents 18% of total supply. The upward TVL trend seen in the initial report has since flattened.

Source: Origin Analytics - OETH Total Supply

2.1.2 Transaction Volume

Note: Transaction volume includes all on-chain operations, including mint, burn and all other methods. Transaction count includes all on-chain token transfers.

Source: Etherscan and CoinGecko

In our initial analysis, Curve exploits caused three days to experience significantly larger trade volumes and therefore skewed the average at the time.

Source: CoinGecko | 04/26/2024 - 07/25/2024

Recent trade volume has seemingly declined, with July 2024 only experiencing 2 days of trade volume over $1M.

Source: Etherscan | 04/26/2024 - 07/25/2024

On-chain transactions have experienced a general uptrend from June to July.

2.1.3 DEX Volume

DEX volume remained low since the drop off seen a year ago.

Source: Dex Guru | 07/07/2024 - 07/25/2024

2.1.4 Average Transaction Size

Relative to the initial all-time 62.24 OETH average transaction size, there's been a decline to 51.97 OETH.

Source: Bitquery Explorer

2.1.6 Active Addresses/Users

Note: According to the Token Terminal methodology, an active user is an address that has interacted with at least one of the six Origin protocol smart contracts: OGV, OUSD, OETH, OUSD Vault, OETH Vault, and OUSD Flipper.

Active daily users have grown significantly. In the initial analysis observation over a 90-day period, the Origin protocol recorded 130 active users, averaging 1.44 active users daily. Now the daily figures are regularly double digits, with a high of 241 active addresses in a single day (05/24/2024) and low of 24 (07/26/2024).

Source: Token Terminal

2.1.7 User Growth

Source: Etherscan

2.1.8 DeFi Integrations

In our initial analysis, the vast majority of OETH held in contracts was in Curve pools, with a minor presence on Pendle yield futures platform. Integrations have increased, introducing wider DeFi utility mainly on Arbitrum. Full list of OETH ecosystem.

  • Morpho Blue: Peer-to-peer lending, wOETH/WETH pool.

  • EigenLayer: Restaking, LST collateral. Eigenpie Pendle: yield futures protocol that allows users to earn a fixed yield on their OETH.

  • Silo Finance: WOETH/ETH/USDC.e money market

  • Curve: OETH/ETH pool, primary DEX that contains protocol owned liquidity via the AMO.

  • Dolomite: Margin trading and lending protocol, wOETH

  • SummerFi: ETH/wOETH derivative looping via Morpho.

  • Shezmu: Collateralized Debt Position (CDP) platform.

  • Interest Protocol: Collateralized Debt Posiiton platform to mint the USDi stablecoin.

  • Davos: Collateralized Debt Position (CDP) platform to mint the DUSD stablecoin.

  • Origami Finance: Automated leverage protocol.

  • InceptionLRT: A protocol for streamlining restaking processes.

  • Zerog: A liquid restaking protocol.

2.2 Competitive Analysis Metrics

2.2.1 Market Share

OETH now falls within the LSD market and as a new entrant its TVL market share only accounts for 0.278% (37,721 ETH / 13.56M ETH) as of 07/26/2024. Relative to other participants this places OETH in 12th position out of 28 tracked by DeFiLlama.

2.2.2 Trading Volume Share in Total LSD Trading Volume

Source: CoinGecko | 4/24/2024 - 7/23/2024

Compared to the LSD’s previously onboarded to Prisma (wstETH, rETH, sfrxETH, cbETH, ETHx), OETH volumes are, on average, lower than wstETH, rETH and cbETH in daily volume but performs marginally better than sfrxETH and ETHx over the 90 day period observed.

Source: CoinGecko | 4/24/2024 - 7/23/2024

2.2.3 Protocol Staking Yield

As noted in the initial report, higher historic yields were associated with CRV and CVX rewards farming; this continued decline could be attributed to a reduction in asset allocation to AMO strategies due to a prior vote (see section 1.1.1) and a higher allocation to SSV due it being a more scalable yield source, according to the Origin team.

Source: Dune Analytics - OETH APY

OETH still outperforms onboarded LSD’s, rETH, stETH and sfrxETH but its lead has narrowed.

Source: DeFiLlama | 04/24/2024 - 07/23/2024

2.2.4 Slashing Rate

No SSV validators have been slashed to date. Additionally, staking service provider, P2P has also not been slashed.

2.3 Subsidization of Economic Activity

2.3.1 Existence of an Incentive Program

As described in section 1.1.7, OGN has since inherited OGV/veOGV governance and value accrual properties. In addition to OGN staking rewards (xOGN) from OETH and OUSD performance fees, a 1-year incentive program of ~6.84 OGN/block has been allocated to OGN stakers, beginning May 28, 2024. Other incentives programs related to driving OETH adoption include (related to LST model):

  • Dolomite: Origin allocated 24,000 ARB to the Dolomite wOETH pool, starting July 2024 to incentivize liquidity.

  • primeETH: an OETH backed liquid restaking derivative. Following a merger with YieldNest LRT ynLSD, a portion of YieldNest’s governance token YND has been allocated to holders and xOGN (2.5%) as a part of the migration.

  • Morpho: wOETH/WETH pool liquidity incentives worth $45k in OGN rewards over 3 months & 6667 MORPHO over 30 days from June 6 2024.

  • Arbitrum: 185,000 ARB incentives for wOETH users on Arbitrum over 12 weeks (from May 2024), with distributions to AMMs and money markets on the network. (allocations were made to Gyroscope, Ramses and Silo Finance incentives)

Recent incentives in Arbitrum indicate a push to expand OETH usage and utility to another network.

Section 3: Market Risk

3.1 Volatility Analysis

3.1.1 Liquid Staking Basis (LSB)

Note: The LSB (Liquid Staking Basis) represents the price difference between OETH (liquid staking token) and its underlying asset, ETH.

Source: Coingecko Historical Data | 04/24/2024 - 07/23/2024

LSB between OETH and ETH appears to have increased when comparing the absolute values of the 90 day averages of 0.31% and 0.12%.

3.1.2 Relative Volatility

OETH daily returns averaged 3.022%, previously this was 1.77%. Compared to ETH average daily returns are 3.001%, so this is inline with the underlying asset.

Source: Coingecko | 04/25/2024 - 07/24/2024

3.1.3 Yield Volatility

Note: Yield volatility is calculated from reported DeFiLlama APY compared against the STYETH ETH staking yield index.

OETH yield for periods experienced less volatility than the index.

Source: DeFiLlama and Compass ETH Staking APY index | 04/25/2024 - 07/24/2024

Additionally, OETH yield outperformed the STYETH index (3.80% vs 3.26%) and generally exhibited more consistent yields.

Source: DeFiLlama and Compass ETH Staking APY index | 04/25/2024 - 07/24/2024

3.2 Liquidity Analysis

3.2.1 Supported DEXs and CEXs

Previously, OETH liquidity was concentrated on Curve but has now expanded to centralized exchanges MEXC and Poloniex. wOETH is also supported on Arbitrum but is limited to Balancer.

Source: Coinmarketcap

3.2.2 LSD Token Total On-chain Liquidity

Liquidity still seems to be concentrated on Curve (98%), similar to the 97% share seen in the initial analysis. Total on-chain liquidity reported by DexGuru is ~$44.23M.

Source: DexGuru | 07/22/2024

3.2.4 Leverage Ratio

wOETH is listed as collateral on the following money markets:

  • Morpho: Mainnet wOETH/WETH pool, with a 86% liquidity LTV.

  • Silo Finance: Arbitrum WOETH/ETH/USDC.e, currently 0% utilization.

  • Dolomite: Arbitrum wOETH, 80.00% liquidation threshold

  • SummerFi: ETH/wOETH derivative looping via Morpho.

  • Shezmu: ETH money market, wOETH.

  • Interest Protocol: Mainnet with max 50% LTV.

  • Davos: Mainnet with max 66% LTV.

  • Origami Finance: Mainnet, 5x leveraged strategy on Morpho's lend market (86% LLTV).

Source: Dolomite

Source: Morpho

Utilization is most active on Morpho, while the Silo WOETH/ETH/USD.e market on Arbitrum has somewhat lower utilization (35% on ETH and 3% on USD.e). This could be due to the recency of these markets, as incentives were announced fairly recently (see section 2.3.1).

3.2.5 Slippage

Source: DeFiLlama | 07/27/2024

Price resistance has declined slightly, with more marginal slippage being affected by a lower dollar value and quantity of OETH.

Section 4: Technological Risk

4.1 Smart Contract Risk

4.1.1 Protocol Audits

2 recent audits have been done that relate to OETH:

The Perimeter audit had 1 high risk finding, which seems to be mitigated with the 0.1% exit fee. The OpenZepplin audit focused on OETH’s integration with SSV Network (NativeStakingStrategy), observing 2 medium and 1 low severity finding. 1 medium and the sole low severity concerns were resolved, while the remaining medium severity finding was acknowledged but now resolved.

4.1.2 Concerning Audit Signs

Due to rounding errors in the amount minted, amount redeemed, and yield gained after rebasing, a malicious actor could receive a yield in OETH redeemable for more WETH than minted to the vault before the rebase (stealing from other users and the vault). An example is a potential sandwich attack around a rebase transaction. A recommendation was made to remove rounding errors from the protocol or to keep the redemption fees sufficiently high. Potential loss of funds protections are essential and assessing whether the 0.1% exit fee is high enough to cover all rounding error scenarios.

4.2 Product and Layer Composability

4.2.1 Dependencies

SSV Network

Origin protocol integrates with the SSV Network to manage validators and staking operations. The NativeStakingSSVStrategy contract shares functionalities with other OETH contracts, with functions such as collectRewardTokens to gather both consensus and execution rewards and checkBalance to view the amount of ETH backing the strategy. Execution rewards are collected in the FeeAccumulator, which includes transaction fees and MEV rewards, whereas consensus rewards are sourced from the Beacon Chain.

As a Distributed Validator Technology (DVT) ETH staking network, SSV Network currently has over $3.6B in TVL, 1.1M ETH staked, 34,507 validators and 771 registered operators.

SSV audit history can be found here.

4.2.2 Withdrawals Processing

Withdrawals are no longer returned in LSDs but in WETH only. Withdrawals continue to be available with two active methods, one being integrated presently, and another in beta-testing.

Currently Available Withdrawal Methods

  • Instant Vault Redemption: Users may pay a 0.1% fee to redeem OETH for WETH held in the Vault. This value is 311 WETH on 8/6/24 and is idle funds acting as a buffer. The fee accounts for rounding errors described in section 4.1.2.

  • OETH AMO (Curve Pool): Users may directly swap OETH for ETH in the Curve pool. This value is 6,826 ETH. Swapping incurs a 0.04% swap fee and slippage depending on swap size. The Origin multisig can burn AMO OETH and exit staking validators as needed to balance the pool in case of heightened redemption demand.

  • Async Withdrawal: The async withdrawal proposal is in governance at time of writing. According to the Origin team, it is expected to pass and will be executed this week. This will involve a queuing process as it involves exiting validators to process redemptions. It will honor withdrawals 1:1 with no fee.

Upcoming Withdrawal Methods

  • Automated Redemption Manager (ARM): This innovative redemption process is undergoing testing and is intended to allow instant 1:1 swaps of OETH to ETH. Instead of using a bonding curve to price assets, it prices against borrow rates and the length of the redemption queue. Given that OETH can be redeemed 1:1 for ETH after some unstaking period, and the ARM can front ETH by charging the market rate, it can competitively quote the time value of the LSD.

Async Withdrawals

The introduction of async withdrawals presents a tangible improvement to the redeemability assurances of OETH, which until now has primarily depended on indirect redemption through the Curve pool managed by the OETH AMO. Since async withdrawals will become available imminently (the OETH withdrawal queue is expected to by live by mid-August), we explore the process further.

The design aims to allow both the public and the OETH ARM to make asynchronous, perfectly 1:1 withdraws. It should protect against yield attacks that can happen with a rebasing token, and prevent flash loan mint/redeem attacks from imprecisions.

A validatorRegistrator manages SSV validator registration, staking, exiting, and removal. This is currently a Defender that can be used by the OETH team or by automated Defender Actions. The automated doAccounting() processes will convert to WETH and transfer to the vault, precluding the Guardian role from actively managing the redemption flow.

Source: Origin GitHub

4.3 Oracles Pricefeed Availability

4.3.1 Understanding the Oracle

Development on the custom oracle that would use a dual data sourcing architecture was abandoned after a bug was found in Curve's oracle implementation. It was intended for the OETHOracle contract to be updated by the OETHOracleUpdater from aggregated on-chain OETH/ETH prices from Curve. Essentially, the OETHOracleUpdater isn’t used to update price data on the OETHOracle. The initial intent of the contract was to provide an oracle for lending platforms to price OETH as collateral.

The OETH/ETH oracle, an EACAggregatorProxy contract, is used as a trusted proxy (only access-enabled addresses) for updating price feeds fetched from an underlying Chainlink aggregator (a receiver contract for periodic data updates). Since the price feed went live (8/3/2024), the mean and median prices were 1.000385 and 0.996843 respectively over a 30-day period.

Source: OETH/ETH Price Feed Updates | 06/26/2024 - 07/25/2024

The Origin team indicated that potential consumers of the oracle should contact Chainlink before implementing and relying on the oracle, which they have facilitated for their other integrations with Morpho and Silo Finance. In Silo’s case, a custom oracle is used in their wOETH, ETH, USDC.e market which computes wOETH value by converting wOETH to OETH using the Chainlink wOETH-OETH exchange rate and hardcodes OETH 1:1 with ETH.

Given this utilization and further confirmation from the team, OETH is also treated as 1:1 with ETH in the OETH/ETH oracle. One possible risk vector noted by Silo was that “hardcoding OETH to ETH might prevent liquidations if OETH loses its peg to ETH”.

Note additional OETH oracles available by Tellor and DIA.

4.3.3 Attack Vectors

A high reliance on Curve OETH/ETH pool depends on the reliable operation of the pool and the AMO strategy. Additional possible vectors:

  • Rounding error: possibility of sandwich attacks around a rebase transaction i.e. potential loss of user funds/yields, mitigated by exit fee.

  • Centralized services provider: Since +700 validators are assigned to 8 P2P operators this introduces centralization risk. Organizational change or vulnerabilities relate to P2P could also affect validator operations.

  • Custom oracle risk: as mentioned a depeg in OETH from ETH could prevent liquidation given hardcoding.

Section 5: Counterparty Risk

5.1 Governance

5.1.1 Governance Scope

In general xOGN controls the following protocol mechanics:

  1. Yield generation

  2. Fee collection and distribution

  3. Contract upgrades

Changes to the OUSD and OETH contracts and the movement of funds require on-chain proposals, while most other proposals happen off-chain via Snapshot. Votes can be delegated for off-chain proposals only.

A minimum of 20% of the xOGN supply is required to reach quorum. All passing proposals are subject to the 48-hour timelock before being executed. Time-delayed admin actions give users a chance to exit OUSD or OETH if any malicious proposals are passed or the protocol is changing in a way that users do not like. These conditions are similar to the ones seen previously in veOGV.

Other participation criteria include:

  • No minimum xOGN to vote on existing proposals,

  • at least 5,000 xOGN to create a Snapshot proposal and

  • 100,000 xOGN to create an on-chain proposal.

5.1.3 Distribution of Governance Tokens

Voting power and unique addresses that have voted is no longer visible from the governance portal. However when looking at individual proposals, we noted that the address associated with the Origin team still has unilateral power to govern the protocol (can pass quorum alone).

5.1.5 Participation

All off chain participation metrics have increased:

  • Total Proposals: 96 > 117

  • Lifetime Voters: 70 > 114

  • Proposal Authors 18 > 22

  • Proposal Pass rate 62% > 66%

Source: Messari Governor

Origin has made an effort to diversify governance participation through a University Governance Program. 10 universities in the USA have been allocated xOGN as part of the University Governance Program and have been participating in Origin governance at their own discretion, as each university sees fit.

5.2 Economic Performance

5.2.1 Revenue Source

The protocol charges a 20% performance fee (rebase events). 50% of the protocol fee is used to buy back OGN on the open market to be distributed as additional rewards for stakers, while the other 50% going towards acquiring flywheel tokens (CVX) to boost yield generation (see section 1.1.3 for full context).

5.2.2 Revenue

Source: OETH Analytics

Source: Token Terminal

5.3 Legal

The transition to a pure ETH liquid staking token design does not materially alter the legal risk assessment as established in the original report. Our conclusion is predicated on the fact that OETH continues to be backed 1:1 by ETH, preserving the essential characteristic that formed the basis of the initial risk evaluation.

Section 6: Risk Management

6.1.1 Market Risk

LIQUIDITY: Does the token have a liquid market that can facilitate liquidations in all foreseeable market events?

OETH liquidity still remains predominantly on Curve, with the AMO playing an important role in its liquidity management and additional revenue generation. This trade off, as previously noted, increases reliance on a single DEX for liquidity. The addition of 2 centralized exchanges improves the initial low market depth with consistent daily volume going through these CEXs (e.g. MEXC and Poloniex handled >70% 24h market volume on July 27).

VOLATILITY: Has the asset had any significant depeg events?

Relative to the initial analysis, price deviations were largely similar, with marginally higher deviations in LSB (market price in comparison to the underlying).

In terms of yield, volatility was comparable with the ETH staking index and outperformed it generally. The simplification of strategies employed also reduces the volatility risks associated with managing multiple strategies.

6.1.2 Technology Risk

SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?

The native staking model contracts have been audited and the discontinuation of multiple strategies removes a layer of complexity that created potential vectors. A new dynamic is introduced with the integration of SSV Network’s staking services, 3rd party smart contract dependency risk now becomes a factor to be aware of.

DEPENDENCIES: Does the analysis of dependencies (e.g. oracles) suggest any cause for concern?

Vault withdrawals are currently available, albeit in an incomplete form that relies on an indirect approach. The primary redemption mechanism currently requires OETH holders to swap through the Curve pool, which is regularly balanced via the OETH AMO. There is an improvement becoming available imminently with async withdrawals undergoing a DAO vote for integration. This will be supplemented at a later date with an innovative Automated Redemption Manager (ARM), a process that will allow immediate OETH:ETH swaps with no fee.

OETH utilizes a custom price feed that accesses aggregator Chainlink data via AggregatorV3Interface. The Chainlink compatible contract has yet to be audited but is currently used by Silo Finance for pricing collateral. In the event of a depeg of OETH to ETH, liquidations may be prevented. Since access is controlled it's reasonable to assume that there are anti-manipulation measures in the absence of an audit.

6.1.3 Counterparty Risk

CENTRALIZATION: Are there any significant centralization vectors that could rug users?

The team-controlled strategist multisig (Guardians) still controls important functions related to assets and operations, including pausing deposits and withdrawals. In the worst case, it may prevent legitimate withdrawal requests from being fulfilled, although its power is limited to controlling the flow of funds within the strategies approved by the DAO. The team-controlled admin multisig continues to have significant control over the outcome of voting, so although governance is on-chain, it has yet to progress to a level of being credibly decentralized.

The use of a single staking service provider also introduces another dimension of centralization, however since P2P provides services to over 130 institutional clients and has over $7.5B in TVL they should be considered a credible and low-risk operator.

LEGAL: Does the legal analysis of the protocol suggest any cause for concern?

The revised yield accrual mechanism, particularly the implementation of native staking and corresponding rewards, provides additional support for Origin Protocol Labs' position regarding the decentralized nature of OETH. The transition reinforces the argument that OETH is neither issued, custodied, sold, nor facilitated by a centralized entity. Furthermore, the shift to native staking-derived income mitigates counterparty risk (e.g. reduces reliance on potentially vulnerable lending strategies). This revised mechanism maintains consistency with the decentralized ethos of the protocol.

6.1.4 Risk Rating

The following chart summarizes a risk rating for wOETH as collateral based on the risks identified for each category. The rating for each category is ranked from excellent, good, ok, and poor.

  • We rank wOETH as ok on liquidity (no change) because its liquidity profile has not materially changed since our previous review. The introduction of the ARM redemption mechanism positively influences OETH's liquidity profile.

  • We rank wOETH as good on volatility (no change) because the protocol makes significant use of an AMO that should manage the peg during normal operation and has several redemption mechanisms deployed or in progress to manage the peg.

  • We rank wOETH as good on smart contracts (improved from ok) because it removes complexity associated with additional yield strategies, although the protocol continues to roll out redemption mechanics that introduce potential for bugs.

  • We rank wOETH as good on dependencies (improved from ok) because composability risk from yield strategies has been mitigated, a Chainlink feed is now available, and async withdrawals are recently introduced.

  • We rank wOETH as ok on decentralization (no change) as the team continues to have majority governance power and the strategist multisig maintains a notable influence over protocol operations.

  • We rank wOETH as good on legal (improved from ok) as the transition to a pure liquid staking protocol improves the case that OETH is not issued, custodied, sold, and facilitated by a centralized entity.

Overall we consider the transition of wOETH from an ETH-index token to a pure liquid staking token to materially improve its risk profile. The previous inclusion of arbitrary yield strategies harbored additional composability risks and the potential for governance to introduce high risk strategies. There is now a stronger assurance that the underlying strategies are reasonably contained to native staking, in addition to AMO activities, which OETH maintains from its previous iteration.

The AMO does present an element of centralization, since most liquidity is focused on Curve. Risks associated with the venue or the specific pool may impact liquidation processing or expose the oracle price feed to the risk of manipulation. However, the recent addition of async withdrawals and anticipated introduction of the Automated Redemption Manager for instant 1:1 redemptions both contribute to a lessened dependence on the AMO and secondary market liquidity. There is now a Chainlink price feed, which had previously been a blocker for our recommendation to onboard to Prisma. We now believe that wOETH satisfies reasonable requirements to be considered for onboarding to Prisma.

© 2023 Llama Risk. All rights reserved.