Origin Dollar (OUSD)
About
Origin Dollar (OUSD) is a liquid, yield-bearing stablecoin launched in 2020 and backed 1:1 by USDC. Users mint OUSD by depositing USDC and earn passive yield that auto-compounds directly in their wallet — no staking, lockups, or manual actions required.
Where Does Yield Come From?
How OUSD earns yield
When you deposit USDC to mint OUSD, the protocol puts that USDC to work in conservative, yield-generating strategies across several blockchains.
Most of the yield comes from lending. OUSD lends deposited USDC on Morpho (a lending market) on Ethereum Mainnet, Base, and HyperLiquid. These lending pools are co-managed by Origin and Yearn, and they earn interest from borrowers who take out loans in USDC.
A smaller slice — typically under 20% — goes to liquidity pools. This portion is put into the Curve OUSD/USDC pool, where it earns trading fees from people swapping between those two tokens. The pool also earns CRV incentive rewards, which the protocol automatically collects and converts into yield.
To make the capital go further, the protocol uses an Automated Market Operator (AMO). Think of it as a tool that lets the same deposited capital earn up to double the rewards it normally would.
Yield earned on Base and HyperLiquid is bridged back to Ethereum Mainnet using Circle's CCTP (a cross-chain transfer system). That means all OUSD holders on Mainnet automatically receive the combined yield from every chain — no extra steps needed.
Gas costs for collecting and reinvesting yield are spread across the entire pool, so compounding happens more often and more efficiently.
Fees: Origin takes a 20% performance fee on the gross yield — that is deducted from earnings before they reach you, not from your deposited principal. All fee revenue goes toward buying back OGN tokens for xOGN stakers. The APY you see displayed is already shown after this fee.
Bonus detail: OUSD uses a rebasing supply design. If certain smart contracts holding OUSD do not opt in to receive yield, their share of yield gets redistributed to active holders instead.
Persons
Josh Fraser
Cofounder
Matthew Liu
Cofounder
Rafael Ugolini
CEO
Nick Addison
Sr Solidity Engineer
Antoine Codogno
Sr Engineer
Christopher Jacobs
Senior Engineer
Domen Grabec
Engineer
Shahul Hameed
Engineer
Clément Moller
Engineer
Aure Gimon
Product Designer
Kara Chang
Executive Assistant
Kelly Hwang
Investments/Treasury
Justin Charlton
Head of Finance
Peter Gray
BD Manager
Ryan McNamara
Product Marketing Manager
Jonathan Snow
Data Engineer
Micah Alcorn
Advisor
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
| No critical or high-severity vulnerabilities were found; the three medium-severity items were either resolved (accounting discrepancy) or closed with justification (DOS false-positive, APR documentation), and all low/informational findings were addressed or acknowledged, indicating the OUSD upgrade contracts underwent a thorough security review with acceptable residual risk. | |
yAudit24-11-2025 - 28-11-2025 |
| The audit reveals one high-severity vulnerability around slashing-risk unfairness that the developer remediated, and one medium-severity locked-asset issue that was fixed; the remaining findings are low-severity or informational, indicating that with those fixes applied the protocol is reasonably secure for its scope. |
Nethermind10-10-202516-10-2025 |
| The audit found no vulnerabilities across all severity bands except a single informational off-by-one error that was promptly fixed, reflecting a well-engineered and thoroughly documented codebase with strong security posture. |
OpenZeppelin06-08-2025 - 20-08-2025 |
| The fixes were comprehensive and addressed the most severe risks, but several temporary denial-of-service and under-accounting possibilities remain as accepted risks by the Origin team, requiring diligent monitoring and timely deposit verification to avoid disruption. |
| Sigma Prime's audit uncovered a critical array-iteration bug and five high-severity issues spanning fund loss, denial-of-service, and balance accounting errors, all of which were resolved by the development team before the report was finalized. The residual risk is low for the resolved items, though the report notes that the deposit double-counting fix (ORGN-06) still leaves a temporary DoS window until the validator's withdrawable epoch passes, requiring trust in node operators. | |
OpenZeppelin09-06-2025 - 13-06-2025 |
| The audit found no critical, high, or medium severity issues across the Plume Rooster AMO strategy, with only low-severity and informational items identified—most of which were resolved or acknowledged by the team. This indicates a well-structured, security-conscious codebase suitable for deployment. |
OpenZeppelin13-05-2025 - 19-05-2025 |
| The one high-severity storage gap was resolved and the medium-severity reward-theft vector was partially mitigated; however, several acknowledged low-severity and informational items remain open, and the residual risk in the SonicHarvester should be monitored closely before deploying to production. |
OpenZeppelin31-03-2025 - 03-04-2025 |
| The audit found no critical, high, or medium severity issues, and all three client-reported issues were resolved, confirming that the implemented security measures effectively prevent token inflation attacks on WOETH and OETH. The sole low severity finding was acknowledged by the team and accepted as negligible, making this a clean audit result for the Vault and WOETH update. |
OpenZeppelin20-03-2025 - 28-03-2025 |
| The audit found no critical or high severity issues, with the single medium-severity finding (uncallable gauge emergency functions) resolved before publication, confirming the contract's core design is robust for its trust model and scope. |
OpenZeppelin10-02-2025 - 13-02-2025 |
| The single medium-severity issue was resolved before the report was finalized, and the remaining low/informational items are minor documentation concerns or accepted design risks that do not compromise the core security of the staking strategy. OpenZeppelin concluded the contracts were well-thought-out and of high quality. |
Certora26-11-2024 - 12-12-2024 |
| The Certora Prover mathematically verified the correctness of the OUSD token contract against its formal specification, finding no security vulnerabilities. The only deviation was a bounded rounding discrepancy inherent to the rebasing credit system, which is within acceptable limits and does not constitute a security risk. |
OpenZeppelin26-11-2024 - 02-12-2024 |
| The audit found no critical, high, or medium severity vulnerabilities in the OUSD yield-delegation upgrade, with only 3 low-severity items and 5 informational notes, most of which were resolved or acknowledged by the team. The protocol's safety posture for this upgrade is sound, with the main trust assumption being that the Governor (a Timelock contract subject to governance) manages yield delegation in good faith. |
OpenZeppelin15-10-2024 - 21-10-2024 |
| The audit found no critical or high-severity issues, with the single medium-severity DoS risk (M-01) resolved before publication; the codebase was assessed as well-thought-out and high quality, though two low-severity items and several informational notes remain acknowledged but unresolved, which poses minimal security risk for the intended deployment. |
OpenZeppelin09-09-2024 - 16-09-2024 |
| The audit found no critical, high, or medium severity vulnerabilities, and the two low-severity issues were either resolved or appropriately acknowledged, indicating the Aerodrome AMO strategy contract is securely coded for its intended purpose. |
OpenZeppelin29-07-2024 - 01-08-2024 |
| The audit found no critical or high-severity vulnerabilities; both medium-severity issues were resolved before delivery, and the two acknowledged low-severity findings (autoAllocateThreshold check and dripper address handling) present minor residual design risks that the team intentionally accepted. Overall the withdrawal queue implementation appears sound for deployment with continued monitoring. |
OpenZeppelin13-05-2024 - 27-05-2024 |
| No critical or high-severity vulnerabilities were found; the two medium-severity issues were either resolved or acknowledged with compensating off-chain monitoring. The primary residual risk stems from the deliberate design choice to forgo a staking oracle, making accurate accounting dependent on trusted manual intervention by the strategist. |
OpenZeppelin29-04-2024 - 03-05-2024 |
| The audit found no critical, high, or medium severity issues, with only two low-severity findings (one resolved) and nine informational recommendations, indicating the OGV/OGN merge contracts were well-written and secure for their intended purpose. |
Perimeter (Rappie)25-03-2024 |
| The fuzzing report identifies one high-risk rounding attack vector but confirms all identified rounding errors fall within agreed tolerances, allowing safe deployment of the refactored OETHVault provided redemption fees remain sufficiently high. |
OpenZeppelin07-08-2023 - 16-08-2023 |
| The audit found no critical issues and all three high-severity findings were resolved, making the Balancer MetaPool Strategy safe for deployment; however, two medium-severity items (rounding-error DoS risk and single-asset price impact) were acknowledged but not fixed, so operators should rely on multi-asset deposits/withdrawals and monitor slippage parameters accordingly. |
Narya17-04-2023 - 08-05-2023 |
| All findings were Low severity or Gas optimizations with no Critical or High risks; the protocol team acknowledged and fixed every issue, so the audit does not indicate unresolved safety concerns for the OETH vault contracts. |
OpenZeppelin03-05-2023 - 11-05-2023 |
| The audit found no critical or high-severity issues; the sole medium-severity finding was resolved, and most low-severity items were fixed, leaving only minor acknowledged design trade-offs. Overall, the OETH integration was assessed as sound with appropriate mitigations for the codebase's risk profile. |
OpenZeppelin20-03-2023 - 03-04-2023 |
| No critical or high-severity vulnerabilities were found, indicating a healthy overall design; the two medium-severity issues were fully resolved during the audit, and the remaining low and informational items were mostly addressed or acknowledged, leaving residual design complexity around fee accounting and drip schedule behavior as accepted risks. |
CyberScope19-12-2022 |
| The audit found no critical, high, or medium severity vulnerabilities, meaning the OGN staking contract presents minimal security risk, though the nine minor/informative observations—all unresolved—should be addressed for code quality and future-proofing. |
OpenZeppelin03-10-2022 - 14-10-2022 |
| The audit found no critical or high severity vulnerabilities, with all one medium-severity issue resolved before publication, indicating that the Convex Finance integration is safe to use under the documented trust assumptions regarding governance, strategist, and harvester roles. |
OpenZeppelin16-05-2022 - 20-05-2022 |
| The audit identified two high-severity issues (rewards lost on extend and tightly coupled reward/ governance logic), both of which were fixed by the development team, along with most medium and lower-severity items, indicating that the contract code was substantively improved through the engagement. |
Solidified05-05-2022 |
| No critical issues were identified in this audit, though several medium-to-low severity findings and informational notes were flagged and mostly acknowledged by the team; the poor text extraction precludes a fully precise severity breakdown, but the absence of critical or high-risk unaddressed vulnerabilities suggests a reasonable security posture for the scoped contracts at the time of review. |
| The audit identified one critical and five high-severity vulnerabilities, with the critical slippage issue and most high-severity findings resolved before publication; a few medium and low items were acknowledged as design trade-offs, leaving residual risks around cross-strategy redemption and strategy removal that the team accepted. | |
| The audit identified several security-relevant issues in OGN staking — including signature replay, gas exhaustion, and fund exhaustion risks — but the document's degraded OCR prevents reliable severity counting; remediations such as Merkle proofs were reportedly implemented. | |
Solidified17-12-2020 |
| The audit found no critical or high-severity vulnerabilities, with all minor issues and notes either resolved or acknowledged, indicating a solid security posture for the Origin Dollar contracts at the time of review. |
Trail of Bits02-11-2020 - 17-11-2020 |
| The audit found critical flaws including a high-severity reentrancy bug that could drain contract funds, and multiple governance vulnerabilities, leading Trail of Bits to conclude the contracts were not yet ready for deployment; most issues were subsequently addressed by Origin Protocol, though a few high-risk items (Timelock admin takeover, ERC-20 invariant violations) remained only partially fixed or unresolved. |
Trail of Bits13-11-2018 - 28-11-2018 |
| All high-severity issues were either fixed or risk-accepted with documented off-chain mitigations, and the critical reentrancy finding was remediated before mainnet deployment; the report nevertheless highlights residual design risk from allowing arbitrary ERC20 currencies and reliance on off-chain client-layer protections. |
Solidified11-07-2022 |
| The audit document could not be reliably parsed due to PDF conversion corruption, so severity counts and a detailed verdict cannot be produced from the available material. |
Perimeter03-04-2025 |
| The fuzzing campaign did not uncover any exploitable vulnerabilities in the WOETH contract; all 31 invariants passed within established rounding tolerances, and no critical or high-severity issues were identified. This suggests the contract is resilient to the fuzzed attack surfaces, though the scope was limited to a single file and tolerances were manually set. |
Sigma Prime01-03-2026 |
| The audit found no critical or high-severity vulnerabilities; the 3 medium-severity issues and all informational items were resolved, leaving only one acknowledged low-severity residual risk around excess fee overpayments, which poses minimal practical threat given the negligible amounts involved. |
Backers
No information about investors, backers, funding rounds, or amounts was found on official OUSD or Origin Protocol sources (ousd.com, originprotocol.com, docs.originprotocol.com, GitHub, blog). The docs note that Origin Protocol was founded by "cryptocurrency and fintech veterans" with talent from YouTube, Google, Dropbox, PayPal, and Coinbase, but no specific investor names, VC backers, or funding round details are disclosed on any of these official pages.
Legal
Legal form
Limited company (Origin Protocol Labs / Origin Protocol, Inc.)
Registration jurisdiction
Cayman Islands (Origin Protocol Labs, Floor 4, Willow House, Cricket Square, Grand Cayman KY1-9010, Cayman Islands)
Status and notes
The operating entity disclosed in the Terms of Service and Privacy Policy is Origin Protocol Labs, registered in the Cayman Islands. The website footer states "© 2026 Origin Protocol, Inc." Privacy Policy refers to "Origin Protocol Labs and its related companies." Terms of Service (last updated September 5, 2024) and Privacy Policy (last updated October 30, 2020) are published under Origin Protocol Labs, with a Cayman Islands physical address and Grand Cayman arbitration venue. The protocol is governed via OGN staking (xOGN) with an onchain governance process hosted at governance.originprotocol.com. No imprint or commercial registry number was found on official sources.