Origin Ether (OETH)
About
Origin Ether (OETH) is a liquid staking token issued by Origin Protocol that auto-accrues Ethereum beacon chain staking rewards while maintaining a tight peg to ETH through deep onchain liquidity and permissionless 1:1 redemptions. Designed for DeFi users and protocols, OETH provides a secure, auto-compounding ETH yield position with no lockups, backed by distributed validator technology (SSV Network) and Merkle Proof-based beacon chain balance verification that eliminates oracle reliance.
Where Does Yield Come From?
Origin Ether (OETH) makes money from Ethereum staking rewards — the earnings that come from helping secure the Ethereum network. Here's how it works:
The staking is handled by validators (a kind of software that locks up ETH and processes transactions). OETH's validators run on a technology called SSV Network, which splits each validator across four independent machines. This way, if one machine fails, the others keep going. Two separate teams (P2P and PierTwo) run these validator groups in different parts of the world, reducing the risk that a single outage or disaster stops everything.
The protocol uses a special kind of validator (type 0x02) that can automatically add rewards back into its own balance — this means rewards compound on their own without anyone needing to take action. These validators can also pull out a portion of their earnings without shutting down entirely. The balances of these validators are checked directly on the Ethereum blockchain using Merkle Proofs (a cryptographic way to verify data), so there's no need for a middleman or outside oracle.
Beyond base staking rewards, OETH can also earn extra incentives from the DVT (distributed validator) platforms. Any bonus income is collected and passed along to OETH holders.
In your wallet, all these rewards are auto-compounding: your OETH balance simply increases over time as rewards roll in.
Origin charges a 20% performance fee — that's 20% of the earnings (not your original deposit). This fee is taken before the rest of the rewards are distributed. Every bit of that fee goes toward buying back OGN tokens, which then flow to people who stake xOGN.
How to get your ETH back: You have two options.
- Slow but exact: Request a withdrawal that goes through the Beacon Chain queue. This takes up to around 8 days, gives you exactly 1 ETH per 1 OETH, and costs nothing.
- Fast but through a trade: Swap OETH instantly for ETH on the OETH/ETH Curve pool. The pool is kept near a 1:1 price by arbitrage traders.
Lastly, OETH has optional tools called Programmatic Yield that let the protocol send staking rewards elsewhere for special purposes — like boosting liquidity pools or lowering borrowing costs. But these are extra features that improve composability, not the main source of yield.
Persons
Josh Fraser
Cofounder
Matthew Liu
Cofounder
Micah Alcorn
Advisor
Domen Grabec
Engineer
Shahul Hameed
Engineer
Aure Gimon
Product Designer
Kara Chang
Executive Assistant
Clément Moller
Engineer
Christopher Jacobs
Senior Engineer
Kelly Hwang
Investments/Treasury
Justin Charlton
Head of Finance
Peter Gray
BD Manager
Ryan McNamara
Product Marketing Manager
Jonathan Snow
Data Engineer
Rafael Ugolini
CEO
Nick Addison
Sr Solidity Engineer
Antoine Codogno
Sr Engineer
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Sigma Prime01-02-2026 |
| The OUSD upgrade audit found no critical or high-severity issues; the 3 medium-severity findings were either resolved by the team or accepted as non-actionable, making the upgrade safe to deploy with the applied fixes. |
yAudit24-11-2025 - 28-11-2025 |
| The Origin ARM protocol exhibits solid architectural design, and the one high-severity issue (slashing loss distribution in withdrawal queues) was addressed during the audit engagement, leaving mostly low and informational residual items. Overall the codebase demonstrates strong security fundamentals with limited attack surface. |
Nethermind10-10-2025 - 16-10-2025 |
| With zero findings above Informational severity and the sole Informational issue promptly fixed, the audit indicates a well-engineered and secure staking strategy design with thorough documentation and testing. |
OpenZeppelin06-08-2025 - 20-08-2025 |
| The audit identified one critical, two high, and two medium severity issues in the CompoundingStakingSSVStrategy, with comprehensive fixes applied during the fix review; however, several temporary denial-of-service and minor under-accounting risks remain as accepted risks due to the complexity of synchronizing execution-layer and consensus-layer state. |
| The Sigma Prime audit found 12 issues (1 critical, 5 high, 1 medium, 3 low, 2 informational), all of which were resolved by the development team, indicating a thorough remediation process that addressed the most severe staking and accounting risks before deployment. | |
OpenZeppelin09-06-2025 - 13-06-2025 |
| The audit identified no critical, high, or medium severity issues, only low-severity and informational findings in a well-structured codebase, with all substantive concerns either resolved or acknowledged as unreachable edge cases, indicating the Plume Rooster AMO strategy was in a strong security posture at the time of review. |
OpenZeppelin13-05-2025 - 19-05-2025 |
| The audit identified one critical-to-fix storage gap issue (resolved) and one medium-severity reward-stealing vector (partially resolved with residual risk), alongside several low-severity and informational items that were largely acknowledged but not fixed; the protocol should address the remaining partial mitigation before mainnet deployment, especially the operator-trust dependency in SonicHarvester. |
OpenZeppelin31-03-2025 - 03-04-2025 |
| The audit found no critical, high, or medium severity issues; the sole low-severity finding was acknowledged rather than fixed, and all three client-reported issues were resolved, making the WOETH and Vault update safe for deployment against rapid inflation and share-manipulation attacks. |
OpenZeppelin20-03-2025 - 28-03-2025 |
| The audit found no critical or high severity vulnerabilities; the single medium-severity issue (gauge emergency withdrawal path) and a client-reported front-running concern were both resolved during the engagement, with all low and informational findings acknowledged by the team. This indicates a robust codebase with only minor residual risks tied to trust assumptions in the SwapX gauge and known edge cases. |
OpenZeppelin10-02-2025 - 13-02-2025 |
| One medium-severity issue was identified and resolved before the final report, and the contracts were assessed as well-thought-out and of high quality overall, with no critical or high-severity vulnerabilities. |
Certora26-11-2024 - 12-12-2024 |
| Certora's formal verification of OUSD found zero security findings across all severity levels, with all critical invariants verified and only bounded rounding-error violations explained and accepted. This indicates the OUSD token contract is mathematically sound with respect to the formal rules defined in scope. |
OpenZeppelin26-11-2024 - 02-12-2024 |
| The audit found no critical, high, or medium severity vulnerabilities in the OUSD yield delegation upgrade, with only three low-severity and five informational findings identified, most of which were resolved or acknowledged; the contract was deemed compatible and should continue to function as intended. |
OpenZeppelin15-10-2024 - 21-10-2024 |
| The audit found no critical or high-severity vulnerabilities; the sole medium-severity issue (potential DoS in price adjustment) was resolved, and the two low-severity findings were either acknowledged or partially mitigated, reflecting a well-architected contract with manageable residual risk. |
OpenZeppelin09-09-2024 - 16-09-2024 |
| The contract was found to be securely coded and well-integrated, with no critical, high, or medium severity issues; the two low-severity findings were either resolved or acknowledged with reasonable justification, and the overall audit presents a clean safety profile for the Aerodrome AMO Strategy. |
OpenZeppelin29-07-2024 - 01-08-2024 |
| No critical or high-severity issues were found; both medium-severity findings were resolved before publication, leaving no exploitable vulnerabilities in the withdrawal queue logic. The remaining acknowledged low-severity items are acceptable design trade-offs that do not compromise the protocol's security posture. |
OpenZeppelin13-05-2024 - 27-05-2024 |
| The audit confirms that the Native Staking SSV strategy is thoughtfully designed but relies on a no-oracle accounting model that is inherently manipulable via ETH donation (M-01) and requires active off-chain monitoring and manual strategist intervention to correct edge cases. While no critical or high-severity vulnerabilities were found, the unresolved M-01 and low-severity items mean residual operational risk remains for the protocol. |
OpenZeppelin29-04-2024 - 03-05-2024 |
| The audit found no critical, high, or medium severity issues; the two low-severity findings were either resolved or acknowledged, and the codebase was described as well-written and the team as responsive. This indicates a sound security posture for the OGV/OGN merger contracts. |
Perimeter25-03-2024 |
| The fuzzing report found one high-risk rounding exploit in the refactored OETHVault, but the protocol accepted the risk within defined tolerance thresholds, making the code safe for deployment provided redemption fees remain sufficiently high. |
OpenZeppelin07-08-2023 - 16-08-2023 |
| All three high-severity issues were resolved, and two of four medium-severity findings were fully resolved, with the remaining two acknowledged with mitigations in place (rounding handled via fork tests and MEV protection delegated to VaultValueChecker, single-asset deposits disabled). The audit confirms that after fixes the Balancer MetaPool Strategy can be safely integrated, though residual design risks around depegged assets and certain informational items remain. |
Narya (Narya.ai)17-04-2023 - 08-05-2023 |
| The audit identified five low-severity issues and one gas optimization, all acknowledged and remediated, with no critical or high risks found; the OETH protocol's core security invariants (user fund safety, access control, withdrawal guarantees) all passed the 23 tested properties. |
OpenZeppelin03-05-2023 - 11-05-2023 |
| No critical or high-severity vulnerabilities were found, the single medium-severity issue was resolved during the audit, and all remaining low and informational findings were either fixed or acknowledged by the team, indicating the OETH integration was safe to deploy with no blocking security concerns. |
OpenZeppelin20-03-2023 - 03-04-2023 |
| No critical or high-severity issues were identified; two medium-severity issues were found and resolved, indicating a healthy protocol design. The residual acknowledged items (inconsistent fee accounting, trustee overpayment, and drip schedule nuances) are low-risk design trade-offs with clear rationale from the Origin team. |
OpenZeppelin03-10-2022 - 14-10-2022 |
| This OpenZeppelin audit found no critical or high severity vulnerabilities in Origin Dollar's Convex strategy contracts, with the single medium-severity issue resolved, indicating a generally sound security posture for the audited code. |
Solidified05-05-2022 |
| The audit found no critical or high-severity vulnerabilities, with three acknowledged minor issues and eight informational notes, indicating the audited contracts are safe for deployment. All three minor findings were acknowledged by the Origin team, and no high-risk residual exposure remains. |
OpenZeppelin16-05-2022 - 20-05-2022 |
| Both high-severity findings were resolved before publication, and the medium-severity issues were either fixed or partially addressed, indicating the core governance and staking contracts were left in a reasonable security posture; however, the partially resolved M-01 (potential fund loss with smart-contract recipients) and residual gas-optimization items from the informational notes remain as minor residual risks. |
OpenZeppelin22-10-2021 |
| The audit identified one critical and five high-severity issues, with the critical front-running/MEV vulnerability in reward harvesting and the most impactful high-severity items being addressed via fixes, though the redemption-failure risk (H02) and a few medium-severity items were deliberately retained by the team. Overall, the codebase was found to have appropriate security posture for a live, governable, upgradeable stablecoin protocol. |
Solidified01-12-2020 |
| The audit document was accessible but its text content could not be coherently extracted due to PDF conversion failures, making a reliable severity assessment impossible. |
| The audit identified several medium-to-low severity issues primarily related to governance controls, documentation inaccuracies, and staking logic edge cases, with most findings acknowledged by the team. The garbled OCR conversion prevents precise severity enumeration, but no critical or high-risk vulnerabilities were clearly flagged in the extractable text. | |
Trail of Bits21-12-2020 |
| The audit revealed critical flaws in the Origin Dollar contracts, including a straightforward attack vector to drain funds, pervasive input-validation gaps, and governance design weaknesses; while most issues were fixed, the contracts were deemed not yet ready for deployment at the time of the report, and residual risks remain around EIP-1967 compliance and ERC-20 invariant violations. |
Trail of Bits13-11-2018 - 28-11-2018 |
| Trail of Bits identified four high-severity vulnerabilities including a reentrancy vector and critical access-control flaws, all of which were either fixed or risk-accepted before the updated contracts were deployed to mainnet at 0x698ff47b84837d3971118a369c570172ee7e54c2. |
CyberScope19-12-2022 |
| This audit found only informational/code-quality issues with no critical, high, or medium severity vulnerabilities, indicating the OGN Staking contract presented a low security risk at the time of the review. |
Perimeter03-04-2025 |
| The fuzzing campaign found no exploitable vulnerabilities in the WOETH alternative design, and all 31 invariants passed within established tolerance bounds, indicating the implementation is robust against the attack vectors tested. |
| The audit found three medium-severity issues that were all resolved before the audit's conclusion, with the remaining low and informational items either closed or fixed; the consolidated validator migration mechanism now has strengthened onchain validation to reduce reliance on offchain trust assumptions. | |
Solidified11-07-2022 |
| The Solidified audit found no critical issues in the OGN Staking contracts, but identified a medium-level logic flaw in season advancement mechanics that warranted remediation. The garbled conversion prevents a complete severity breakdown, so the full risk profile cannot be fully assessed from this extraction alone. |
Rappie08-03-2023 |
| The audit found no critical or high-severity issues in the PR #1239 code changes, with only minor recommendations from the manual review and fuzzing confirming resilience against the USDs-style exploit, indicating low risk for the OUSD rebasing accounting changes. |
Rappie01-02-2023 - 31-03-2023 |
| This research document identifies inherent rounding-error limitations in OUSD's rebasing token design that cannot be fully eliminated under the current architecture, but offers practical mitigations such as reverting zero-credit mints, dynamic supply tracking, and improved transfer rounding policies. |
Legal
Legal form
Origin Protocol Labs (stated as the Company providing the Services in the Terms of Service; copyright footer also references "Origin Protocol, Inc.")
Registration jurisdiction
Cayman Islands (registered address: Floor 4, Willow House, Cricket Square, Grand Cayman KY1‐9010, Cayman Islands)
Status and notes
Disclosed operator per Terms of Service and Privacy Policy: Origin Protocol Labs, with a registered address in Grand Cayman, Cayman Islands. The website footer displays "© 2026 Origin Protocol, Inc. All rights reserved." Terms of Service (last updated September 5, 2024) and Privacy Policy (last updated October 30, 2020) are available at /tos and /privacy respectively. Contact email: [email protected]. Alternative dispute notice address: P.O. Box 61, Harbour Centre George Town, Grand Cayman, KY1-1102, Cayman Islands.