
Origin Protocol

About

Origin Protocol builds audited, composable yield-bearing tokens and liquidity infrastructure for DeFi, operating since 2020. Its product suite includes Origin Ether (OETH, an Ethereum LST with Merkle Proof validator verification), Origin Dollar (OUSD, a fully liquid yield-bearing stablecoin backed by USDC deployed into Morpho and Curve strategies), Automated Redemption Manager (ARM, an arbitrage-driven yield vault), Super OETH (a Base-native LST combining Beacon Chain staking with AMM incentives), and Origin Sonic (OS, a Sonic-native LST). All products share a common battle-tested codebase, are fully collateralized, and are governed by xOGN stakers.

Where Does Yield Come From?

Origin Protocol generates yield through five different products. A 20% performance fee is taken from all yields before depositors get their share, and that fee is used entirely to buy back OGN tokens for xOGN stakers (people who lock up the protocol's governance token).

1. OETH (Origin Ether) — A liquid staking token on Ethereum. Yield comes from Ethereum's Beacon Chain staking rewards. Origin runs two groups of validators (four nodes each) spread across different regions using SSV Network's distributed validator tech. The protocol verifies validator balances directly onchain using Merkle Proofs (no middleman oracles needed). "0x02" validators allow rewards to compound automatically — earnings add directly to validator balances without extra scripts, and partial withdrawals make liquidity faster. The AMO (Automated Market Operator) keeps protocol-owned liquidity ready so OETH stays close to ETH's price. You can redeem asynchronously (up to ~8 days via Beacon Chain queue) or swap instantly through Curve pools.

2. OUSD (Origin Dollar) — A yield-bearing stablecoin fully backed 1:1 by USDC. That USDC gets deployed into:

  • Morpho lending vaults (co-managed by Origin and Yearn) on Ethereum, Base, and HyperLiquid — USDC is lent out against high-quality collateral, with Yearn handling daily allocation. Cross-chain yield is bridged back to Ethereum mainnet using Circle CCTP.
  • Curve OUSD/USDC pool (usually under 20% of collateral) providing instant exit liquidity and earning LP rewards (including CRV).

Yield is boosted by a rebasing design — contracts that don't rebase forfeit their yield to active holders. Spreading deposits across multiple Morpho markets reduces yield compression (diminishing returns from too much capital in one place). Pooled gas costs make frequent compounding affordable, and the AMO can earn up to 2x rewards on the same capital.

3. Super OETH (superOETHb) — A Base-native liquid staking token. ETH staking rewards come from bridged wOETH (sent from Ethereum to Base via Chainlink CCIP). The protocol-owned AMO liquidity in the superOETHb/WETH Curve pool on Base generates AMM incentive tokens, which are harvested and given to holders daily as extra yield. The AMO also keeps the token price tight. Collateral stays on Ethereum mainnet — only yield and redemption liquidity cross the bridge, limiting risk.

4. ARM (Automated Redemption Manager) — An onchain arbitrage engine for liquid staking tokens (stETH, eETH, OS). When an LST trades below its true redemption value on secondary markets, the ARM buys the discounted token and redeems it for the underlying collateral. When there's no arbitrage opportunity, the capital sits in Morpho lending markets (Ethereum ARM vaults) or Silo (Sonic ARM vault) earning lending yields. This gives a yield floor from lending during calm periods and extra upside from arbitrage during volatile periods.

5. Origin Sonic (OS) — A Sonic-native liquid staking token earning staking yield from the Sonic network, with similar AMO mechanisms to maintain its peg.

Programmatic Yield Infrastructure: Yield Forwarding lets staking rewards be sent to other contracts for better AMM/lending efficiency. Pool Booster directs yield to liquidity provider reward gauges. Borrow Booster sends yield to Merkl to subsidize borrowing rates for users.

Persons

  • Josh Fraser

    Cofounder

  • Matthew Liu

    Cofounder

  • Micah Alcorn

    Advisor

  • Domen Grabec

    Engineer

  • Shahul Hameed

    Engineer

  • Aure Gimon

    Product Designer

  • Kara Chang

    Executive Assistant

  • Clément Moller

    Engineer

  • Christopher Jacobs

    Senior Engineer

  • Kelly Hwang

    Investments/Treasury

  • Justin Charlton

    Head of Finance

  • Peter Gray

    BD Manager

  • Ryan McNamara

    Product Marketing Manager

  • Jonathan Snow

    Data Engineer

  • Rafael Ugolini

    CEO

  • Nick Addison

    Sr Solidity Engineer

  • Antoine Codogno

    Sr Engineer

Audits

Audit / Date | Findings | Verdict
Sigma Prime / 01-02-2026
  • Critical: 0
  • High: 0
  • Medium: 3
  • Low: 3
  • Info: 10
The audit found no critical or high-severity vulnerabilities, with all medium-risk issues either resolved by the development team or acknowledged as non-exploitable under current conditions, indicating that the OUSD Upgrade contracts were assessed to be in a reasonably secure state for deployment.
  • Critical: 0
  • High: 0
  • Medium: 3
  • Low: 1
  • Info: 4
Sigma Prime identified 8 findings (3 medium, 1 low, 4 informational), all of which were resolved or acknowledged by the Origin Protocol team, demonstrating a thorough remediation cycle prior to deployment.
yAudit / 24-11-2025 - 28-11-2025
  • Critical: 0
  • High: 1
  • Medium: 1
  • Low: 3
  • Info: 2
The Origin ARM protocol demonstrates solid architectural design and appropriate access controls, with the one high-severity issue regarding slashing loss distribution addressed during the audit. Overall the codebase shows strong security fundamentals with limited attack surface for malicious actors.
Nethermind / 10-10-2025 - 16-10-2025
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 0
  • Info: 1
The audit found only one informational issue (an off-by-one error capping validators at 47 instead of 48), which was promptly fixed, and no vulnerabilities of critical, high, medium, or low severity were identified, indicating strong code quality and thorough testing.
OpenZeppelin / 06-08-2025 - 20-08-2025
  • Critical: 1
  • High: 2
  • Medium: 2
  • Low: 5
  • Info: 8
The audit resolved or partially resolved the critical and high-severity issues, but residual temporary denial-of-service and under-accounting risks tied to consensus-layer edge cases remain and have been acknowledged by the Origin Protocol team as accepted. Given the complexity of synchronizing execution and consensus layer states, continued monitoring and further review are recommended.
Sigma Prime / 01-09-2025
  • Critical: 1
  • High: 5
  • Medium: 1
  • Low: 3
  • Info: 2
Sigma Prime's audit of the Origin Protocol Compounding Staking Strategy identified 12 issues (1 critical, 5 high, 1 medium, 3 low, 2 informational), all of which were fully remediated by the development team except one informational item that was acknowledged and closed. The comprehensive refactoring of the deposit-tracking logic addressed the most severe array-manipulation and state-transition risks, resulting in a materially improved security posture for the protocol.
OpenZeppelin / 09-06-2025 - 13-06-2025
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 5
  • Info: 9
The audit uncovered no critical, high, or medium severity vulnerabilities, only low and informational findings — all of which were either resolved or acknowledged — reflecting a well-structured codebase and a sound security posture for the Plume Rooster AMO strategy.
OpenZeppelin / 13-05-2025 - 19-05-2025
  • Critical: 0
  • High: 1
  • Medium: 1
  • Low: 7
  • Info: 15
The two substantive security issues (high-severity storage gap and medium-severity reward-stealing vector via Magpie) were either resolved or partially mitigated, meaning the core ARM contracts can be deployed with reasonable safety if the remaining partially resolved medium issue is understood and accepted by the protocol team; the seven low-severity items were mostly acknowledged as acceptable design choices for initial deployment.
OpenZeppelin / 31-03-2025 - 03-04-2025
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 1
  • Info: 1
The audit did not find any critical or high-severity vulnerabilities; the one low-severity issue was acknowledged with minimal residual risk, and all three client-reported findings were successfully remediated, making the protocol updates safe for deployment against rapid inflation attacks.
OpenZeppelin / 20-03-2025 - 28-03-2025
  • Critical: 0
  • High: 0
  • Medium: 1
  • Low: 3
  • Info: 2
The audit found no critical or high-severity vulnerabilities; one medium-severity issue and a client-reported front-running risk were both resolved before publication, while three low-severity items and two informational notes were acknowledged by the team, indicating a clean and robust codebase with only residual edge-case risks.
Perimeter / 03-04-2025
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 0
  • Info: 0
The fuzzing engagement found no exploitable vulnerabilities in the WOETH contract, and all 31 invariants passed within acceptable rounding tolerances after billions of test calls. This suggests the core WOETH implementation is robust against the fuzzed attack surfaces, though the report is limited to fuzzing coverage and does not constitute a comprehensive manual security review.
OpenZeppelin / 10-02-2025 - 13-02-2025
  • Critical: 0
  • High: 0
  • Medium: 1
  • Low: 3
  • Info: 4
The audit found no critical or high-severity issues; the sole medium-severity finding was resolved, and the remaining acknowledged low and informational items represent accepted design trade-offs and code clarity improvements rather than security risks, indicating the protocol is sound for deployment.
Certora / 26-11-2024 - 12-12-2024
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 0
  • Info: 0
Certora's formal verification of OUSD confirms the contract is mathematically correct for all verified rules, with the only violation being a bounded rounding discrepancy inherent to the rebasing mechanism under low-resolution conditions, not a security exploit. No security vulnerabilities were identified across any severity level.
OpenZeppelin / 26-11-2024 - 02-12-2024
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 3
  • Info: 5
The OpenZeppelin audit of the OUSD yield delegation upgrade found no critical, high, or medium severity vulnerabilities, with only three low-severity and five informational items identified, most of which were addressed by the Origin team. The codebase was deemed compatible with the previous version and expected to function as intended post-upgrade.
OpenZeppelin / 15-10-2024 - 21-10-2024
  • Critical: 0
  • High: 0
  • Medium: 1
  • Low: 2
  • Info: 7
The audit found the ARM contracts to be well-thought-out with no critical or high severity issues, and the single medium-severity finding (potential DoS in setCrossPrice) was resolved during the audit engagement.
OpenZeppelin / 09-09-2024 - 16-09-2024
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 2
  • Info: 1
The audit concluded the contract is securely coded and well-integrated, with two low-severity items (one resolved, one acknowledged) and no critical, high, or medium findings, indicating the Aerodrome AMO strategy poses minimal security risk.
OpenZeppelin / 29-07-2024 - 01-08-2024
  • Critical: 0
  • High: 0
  • Medium: 2
  • Low: 4
  • Info: 8
All critical and high severity findings were zero; the two medium issues were resolved before publication, and the two acknowledged low-severity items represent accepted design trade-offs for the withdrawal queue, making the audited code safe for deployment with continued monitoring of queue liquidity.
OpenZeppelin / 13-05-2024 - 27-05-2024
  • Critical: 0
  • High: 0
  • Medium: 2
  • Low: 1
  • Info: 7
The audit found no critical or high-severity vulnerabilities, with both medium-severity findings either resolved or acknowledged by the team. However, the system's reliance on off-chain monitoring and manual strategist intervention for accounting accuracy introduces operational risk that is a design trade-off of not using a staking oracle.
OpenZeppelin / 29-04-2024 - 03-05-2024
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 2
  • Info: 9
The audit found no critical, high, or medium severity vulnerabilities, with the only low-severity finding resolved and the rest being documentation or best-practice items, indicating the merge contracts were well-constructed at the time of review.
Perimeter / 25-03-2024
  • Critical: 0
  • High: 1
  • Medium: 0
  • Low: 0
  • Info: 0
The fuzzing engagement concluded that all identified rounding errors fall within acceptable tolerance thresholds defined with Origin Protocol, allowing safe deployment of the refactored OETHVault code provided redemption fees remain sufficiently high to deter yield-stealing sandwich attacks.
OpenZeppelin / 07-08-2023 - 16-08-2023
  • Critical: 0
  • High: 3
  • Medium: 4
  • Low: 4
  • Info: 8
The audit found three high-severity issues, all resolved or mitigated via design changes (oracle removal, VaultValueChecker safeguards), and the medium-severity issues were largely addressed or accepted with compensating controls, making the strategy safe for deployment under the stated trust assumptions (strategist-only deposits/withdrawals, Balancer/Aura as trusted external contracts).
Narya / 17-04-2023 - 08-05-2023
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 5
  • Info: 0
All five identified issues were Low severity and the Gas finding is minor, with each acknowledged and remediated by Origin Protocol, meaning no critical or high-risk vulnerabilities existed in the audited OETH codebase at the time of testing.
OpenZeppelin / 03-05-2023 - 11-05-2023
  • Critical: 0
  • High: 0
  • Medium: 1
  • Low: 9
  • Info: 11
No critical or high-severity issues were found, and the single medium-severity finding was resolved, demonstrating that the OETH integration code is generally secure. However, several acknowledged-but-unresolved design concerns (e.g., permitting deposits when redemptions may be blocked, indefinite allowances) introduce minor residual risk that should be considered during market disruptions or protocol upgrades.
OpenZeppelin / 20-03-2023 - 03-04-2023
  • Critical: 0
  • High: 0
  • Medium: 2
  • Low: 10
  • Info: 14
No critical or high-severity vulnerabilities were identified, and both medium-severity issues were resolved, indicating a sound design for the Dripper and Uniswap V3 strategy additions, though several acknowledged informational items and the partially resolved locked-ETH finding remain as residual considerations.
CyberScope / 19-12-2022
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 0
  • Info: 9
The audit found no critical or high-severity issues, with all nine findings classified as Minor/Informative and centered on code quality, gas optimization, and naming conventions rather than exploitable vulnerabilities. The staking contract's core logic appears sound from a security perspective, though the unresolved recommendations suggest opportunities for improvement in robustness and adherence to best practices.
OpenZeppelin / 03-10-2022 - 14-10-2022
  • Critical: 0
  • High: 0
  • Medium: 1
  • Low: 9
  • Info: 4
The OpenZeppelin audit found no critical or high severity vulnerabilities, and all medium and low severity findings were resolved or acknowledged, concluding that the Origin Dollar Convex integration was safe for deployment with no outstanding blockers.
Solidified / 11-07-2022
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 0
  • Info: 0
The audit found no critical issues, though at least one finding concerning season advancement logic was identified and remediation was recommended. The poor text extraction prevents a precise count of lower-severity issues, so the report should be consulted directly for full details.
Solidified / 05-05-2022
  • Critical: 0
  • High: 0
  • Medium: 1
  • Low: 2
  • Info: 3
The audit found no critical issues, with the most notable finding being a medium-severity signature replay concern that was acknowledged by the team; the overall codebase was assessed with reasonable security posture across OGV, wOUSD, and ERC721a contracts.
OpenZeppelin / 16-05-2022 - 20-05-2022
  • Critical: 0
  • High: 2
  • Medium: 3
  • Low: 2
  • Info: 4
Both high-severity findings were resolved before or shortly after the audit, and the Origin team responded promptly to most recommendations, leaving only minor edge cases (smart-contract receiver checks and some gas optimizations) partially open.
  • Critical: 1
  • High: 5
  • Medium: 5
  • Low: 19
  • Info: 14
The critical and most high-severity issues were resolved or mitigated before deployment, but one high-severity finding (valid redemption failures with non-default strategies) was acknowledged and left unfixed by design, requiring ongoing trusted strategist oversight for allocations. Overall, the audit reveals a reasonable security posture for a governed, upgradeable stablecoin protocol with the main residual risks centered on governance trust assumptions and external DeFi dependencies.
  • Critical: 0
  • High: 0
  • Medium: 0
  • Low: 0
  • Info: 0
The audit identified several governance-level and documentation issues, all acknowledged or low-severity in nature, but the garbled text quality precludes a definitive safety assessment of the protocol from this extracted material alone.
Trail of Bits / 02-11-2020 - 17-11-2020
  • Critical: 0
  • High: 8
  • Medium: 1
  • Low: 6
  • Info: 5
The audit found multiple critical-class flaws including a directly drainable mint function and governance bypasses, and while most issues were remediated by December 2020, two high-severity concerns (Timelock admin takeover and OUSD invariant violations) remained only partially or not fixed, indicating the contracts were not ready for deployment at the time of the report.
Trail of Bits / 13-11-2018 - 28-11-2018
  • Critical: 0
  • High: 4
  • Medium: 4
  • Low: 1
  • Info: 2
Trail of Bits identified significant risks in the Marketplace contract, particularly around reentrancy and fund drainage, but all findings were either remediated or formally risk-accepted with documented off-chain mitigations before mainnet deployment.

Legal

Legal form

Limited liability company (Origin Protocol Labs / Origin Protocol, Inc.)

Registration jurisdiction

Cayman Islands (Grand Cayman) — registered address: Floor 4, Willow House, Cricket Square, Grand Cayman KY1-9010; P.O. Box 61, Harbour Centre, George Town, Grand Cayman KY1-1102

Status and notes

The operating entity is Origin Protocol Labs (also referred to as Origin Protocol, Inc. in the homepage footer). The Terms of Service (last updated Sept 5, 2024) and Privacy Policy (last updated Oct 30, 2020) are published on the website and identify Origin Protocol Labs as the contracting party, with a registered address in the Cayman Islands. Dispute resolution is seated in the Grand Caymans with AAA arbitration. The privacy policy explicitly names "Origin Protocol Labs and its related companies."