Risk Framework
As with any yield-generating DeFi product, there are risks that are important to understand. These risks can be broadly classified into 4 categories:
Smart Contract Risk
Third-party Platform Risk
Underlying Collateral Risk
Slashing Risk
Smart Contract Risk
Our smart contracts have been audited by multiple well-respected security firms. However, it is important to note that even with formal audits, it is still possible for there to be logic errors that could lead to the loss of funds. The contracts involve complex math and logic. While we have taken every precaution to ensure the safety and security of our smart contracts, users are reminded to use at their own risk. Origin Protocol will not be held responsible for any loss of funds, regardless of who is at fault.
Third-party Platform Risk
Many of Origin’s products have exposure to other platforms, such as Curve and Morpho. We’ve chosen to work with platforms that have a long history of securing billions of dollars of assets and have made reasonable efforts to ensure the security of their protocols. However, there are no guarantees that the underlying third-party platforms will continue to work as intended, and any failure in an underlying strategy would potentially lead to a loss of funds for holders of Origin’s yield-bearing tokens or ARM depositors.
Collateral Risks
It is important to understand that Origin’s yield-bearing tokens are only as strong as their backing collateral. Any loss of value to underlying assets would cause a similar loss to the value of Origin’s yield-bearing counterparts. Origin only onboards high quality collateral assets to its yield-bearing tokens: USDC backs OUSD, ETH backs OETH, and S backs OS.
Slashing Risk
In Ethereum's Proof-of-Stake system, validators put up ETH as collateral to participate in validating transactions and creating new blocks. This is what is known as staking.
Slashing is when some or all of a validator's staked ETH is taken away as a penalty. It happens if a validator breaks the rules or acts carelessly. Reasons for slashing include:
Double signing: Trying to validate two different versions of the truth.
Liveness faults: Not being online and active when needed.
Safety faults: Actions that risk the network's security.
Slashing is crucial for two main reasons:
It stops dishonest behavior by making validators lose money if they break the rules.
It promotes network reliability by punishing careless actions.
In essence, slashing ensures validators have a financial reason to do their job correctly and keeps the Ethereum network secure.
If any of the node operators that are backing OETH are slashed, you can expect that OETH holders will similarly lose money. In the case of a minor slashing like we've seen to date, the result will be that OETH holders will earn slightly less yield. In the event of a major slashing, you can expect that OETH will drop in value proportional to the percentage of the backing LST that was impacted. However, this risk is mitigated by using DVT (Distributed Validator Technology), which distributes transaction validation across multiple nodes, enhancing security and reliability. This reduces the risk of single points of failure and ensures a more decentralized, robust staking process, protecting against validator downtime or malicious activity.
Risk Mitigation
While it's impossible to guarantee our contracts are 100% safe, we have taken every step possible to mitigate the chance of losing funds:
We regularly have our work audited by the top auditors in the industry.
DeFi insurance is available to offer smart contract coverage as an optional add-on service for OUSD holders through Nexus Mutual, Lunos, and OpenCover. Super OETH depeg insurance is available through OpenCover. OS exploit or oracle manipulation insurance is available through Safura.
We have also retained yAudit to look at our PRs as we code. Certora has helped us establish automated verifications that will run anytime we update our contracts. We have automated checking for common errors with Slither and Echidna tests. Together, these alert our team to common security issues in addition to our own test suite.
Code reviews involving our smart contracts are incredibly rigorous. We require at least two engineers to review each change with a detailed checklist and we prioritize security reviews over new feature development.
Finally, we have formalized an engineering rotation for reviewing attacks on other projects and for ensuring that we dive deep into each of these reviews, including reviewing the affected contracts' source code ourselves. We've observed that attackers often exploit the same fundamental vulnerability on multiple different projects. By reviewing other projects' vulnerabilities, we force ourselves to stay up to date on the latest security threats in our industry and are constantly learning from their mistakes.
Actions Speak Louder than Words
You should also know that many members of the Origin team, including both founders, are holding a significant portion of their personal wealth in Origin’s yield-bearing tokens. Origin Protocol's corporate treasury is also holding millions of dollars in OUSD and OETH. We have skin in the game and are willing to put our own money at risk with the code we have written.