Difference between revisions of "Origin Protocol (OGN)"
m (1 revision imported) |
|||
| Line 1: | Line 1: | ||
''"Origin Protocol aims to create the sharing economy marketplaces. By integrating [[blockchain]] into these shared economy marketplace, Origin Protocol plans to offer buyers and sellers control over their data, drastically reduced [[transaction]] [[fees]], and identity verification/reputation scores."'' [https://messari.io/asset/origin-protocol#profile according] to [[Messari]] | |||
* | == Basics ==*Based in: | ||
* | *Started in / Announced on: | ||
* The Origin Beta is live on the Ethereum [[Mainnet]] (4-2019) | *[[Testnet]] release: | ||
* The Origin Beta is live on the [[Ethereum]] [[Mainnet]] (4-2019) | |||
== History == | == History == | ||
== | ==Audits & Exploits== | ||
*No [[bug bounty]] according to [[Blockchain Security DB]] (29-6-2020), which does show 1 [https://consensys.github.io/blockchainSecurityDB/ audit] (11-2018). Updated (8-3-2022): This protocol offers an active bug bounty of [https://immunefi.com/bounty/origindollarousd/ $250K]. | |||
*Scored [https://www.defisafety.com/pqrs/372 86%] on [[DeFi Safety]] (8-3-2022): | |||
''"There are only API functions documented in Origin's documentation. This protocol has undergone formal verification on the [[token]] [[contract]]. The rest of the protocol was not in scope for [[Certora|Certora's]] review. OUSD has been audited multiple times, though each was [https://docs.ousd.com/security-and-risks/audits post-launch]."'' | |||
With the [https://t.me/c/1453353094/7701 comment]: | |||
''"Despite a rocky [[genesis]] with a harsh lesson in shipping unaudited code, the team quickly learned and has shown incredible resilience in the face of this. Their protocol scores highly thanks to great oracle documentation, consideration of timelocks as well as strong testing. In addition, their formally verified token contract proves that this protocol's commitment to security has really grown into an [[integral]] part of its operation. This token might consider better documentation on software function documentation in contracts, as well as slightly clearer traceability of contract code to contract deployments. These are minor improvements to be made in the face of a great developer team with a good commitment to the highest process quality standards."'' | |||
*[https://secureum.substack.com/p/making-defi-safu-secureum-3 From] [[Secureum]] (24-1-2021): | |||
*[https://secureum.substack.com/p/making-defi-safu-secureum-3 From] Secureum (24-1-2021): | |||
''"After the attack, they fixed the missing validation and reentrancy vulnerability (and other issues) as suggested by the ToB audit. They conducted another audit with [[Solidified]], are engaging with [[Certora]] for smart contract formal verification and plan to engage with [[OpenZeppelin]] for auditing upgrades.'' | ''"After the attack, they fixed the missing validation and reentrancy vulnerability (and other issues) as suggested by the ToB audit. They conducted another audit with [[Solidified]], are engaging with [[Certora]] for [[smart contract]] formal verification and plan to engage with [[OpenZeppelin]] for auditing upgrades.'' | ||
''They integrated [https://github.com/crytic/slither Slither/Echidna] in their CI/CD process, check PRs more stringently for security aspects and review [https://github.com/OriginProtocol/security/tree/master/incidents other DeFi hacks] more carefully. They’ve introduced automated monitoring for large/failing transactions along with a fast-pause feature where two [[Multi-Signature|multisig]] holders can pause minting/redeeming to respond to any similar future incidents. They’re also working with [[Nexus Mutual (NXM)|Nexus Mutual]] and [[COVER Protocol (COVER)|Cover Protocol]] for DeFi insurance.'' | ''They integrated [https://github.com/crytic/slither Slither/Echidna] in their CI/CD process, check PRs more stringently for security aspects and review [https://github.com/OriginProtocol/security/tree/master/incidents other DeFi hacks] more carefully. They’ve introduced automated monitoring for large/failing [[transactions]] along with a fast-pause feature where two [[Multi-Signature|multisig]] holders can pause minting/redeeming to respond to any similar future incidents. They’re also working with [[Nexus Mutual (NXM)|Nexus Mutual]] and [[COVER Protocol (COVER)|Cover Protocol]] for [[DeFi]] insurance.'' | ||
''They have since then [https://medium.com/originprotocol/origin-dollar-ousd-relaunches-to-offer-hassle-free-defi-returns-b8ee0c601dad relaunched] with [https://medium.com/originprotocol/origin-delivers-on-compensation-promise-claim-your-ousd-and-ogn-now-a9fa9b840476 ongoing compensation] and proclaimed deeper commitment to security."'' | ''They have since then [https://medium.com/originprotocol/origin-dollar-ousd-relaunches-to-offer-hassle-free-defi-returns-b8ee0c601dad relaunched] with [https://medium.com/originprotocol/origin-delivers-on-compensation-promise-claim-your-ousd-and-ogn-now-a9fa9b840476 ongoing compensation] and proclaimed deeper commitment to security."'' | ||
=== Bugs/ | === Bugs/Exploits === | ||
* [https://www.coindesk.com/origin-protocol-loses-3-25m-in-latest-flash-loan-attack-reports From] [[CoinDesk]] (17-11-2020): | * [https://www.coindesk.com/origin-protocol-loses-3-25m-in-latest-flash-loan-attack-reports From] [[CoinDesk]] (17-11-2020): | ||
"''[[Stablecoin]] project Origin Dollar (OUSD) [https://medium.com/originprotocol/urgent-ousd-has-hacked-and-there-has-been-a-loss-of-funds-7b8c4a7d534c sustained] a [[Reentrancy Attack|re-entrancy attack]] at 00:47 UTC Tuesday resulting in a loss of funds worth $7 million, including over $1 million deposited by Origin and its founders and employees. The team has disabled deposits Tuesday’s attack utilized a [[flash loan]] and flaws in OUSD [[contracts]] to initiate what is known as a “rebase,” according to [[Etherscan]] and an updated blog from the team. The attack artificially inflated the supply of OUSD tokens within the protocol before swapping the newly printed tokens on [[SushiSwap]] and [[Uniswap]] for [[USDT]], the blog states. Early reports indicated that Origin Protocol had suffered a $3.5 million flash loan attack or pricing [[oracle]] attack. Although the attacker employed a flash loan, Origin has not cited oracle manipulation as the technical culprit."'' | "''[[Stablecoin]] project Origin Dollar (OUSD) [https://medium.com/originprotocol/urgent-ousd-has-hacked-and-there-has-been-a-loss-of-funds-7b8c4a7d534c sustained] a [[Reentrancy Attack|re-entrancy attack]] at 00:47 UTC Tuesday resulting in a loss of funds worth $7 million, including over $1 million deposited by Origin and its founders and employees. The team has disabled deposits Tuesday’s attack utilized a [[flash loan]] and flaws in OUSD [[contracts]] to initiate what is known as a “rebase,” according to [[Etherscan]] and an updated blog from the team. The attack artificially inflated the supply of OUSD [[tokens]] within the protocol before swapping the newly printed tokens on [[SushiSwap]] and [[Uniswap]] for [[USDT]], the blog states. Early reports indicated that Origin Protocol had suffered a $3.5 million flash loan attack or pricing [[oracle]] attack. Although the attacker employed a flash loan, Origin has not cited oracle manipulation as the technical culprit."'' | ||
* From this [https://blockchain.news/news/origin-protocol-puts-1-million-bounty-on-hacker-ousd-stablecoin-loses-stability article] (20-11-2020): | * From this [https://blockchain.news/news/origin-protocol-puts-1-million-bounty-on-hacker-ousd-stablecoin-loses-stability article] (20-11-2020): | ||
"''Origin has now announced a $1 million bounty reward for anyone who can bring the hacker responsible for destabilizing its stablecoin to justice."'' | "''Origin has now announced a $1 million bounty reward for anyone who can bring the hacker responsible for destabilizing its stablecoin to justice."'' | ||
| Line 61: | Line 32: | ||
* A further break down of what went wrong, with the audit itself used in the [https://secureum.substack.com/p/making-defi-safu-secureum-3 article] (24-1-2021). | * A further break down of what went wrong, with the audit itself used in the [https://secureum.substack.com/p/making-defi-safu-secureum-3 article] (24-1-2021). | ||
== Governance== | |||
* After a [[flash loan]] [https://www.coindesk.com/origin-protocol-loses-3-25m-in-latest-flash-loan-attack-reports attack] (17-11-2020) the team halted deposits for their [[stablecoin]], this hints towards [[centralization]]. | |||
===Admin Keys=== | |||
* [https://www.defisafety.com/pqrs/372 From] [[DeFi Safety]] (8-3-2022): | |||
''"[[Admin Key|Admin control]] information was well documented at this [https://docs.ousd.com/governance/admin-privileges location]. The relevant contracts are identified as upgradeable, as identified [https://docs.ousd.com/governance/admin-privileges here]. Some smart contract change capabilities are identified, but definitely not all of them. This protocol's pause control functions are documented and briefly summarized. This protocol has good [[timelock]] documentation which can be found at this [https://docs.ousd.com/smart-contracts/api/timelock location]."'' | |||
===DAO=== | |||
===Treasury=== | |||
==Token== | |||
===Launch=== | |||
===Token Allocation=== | |||
===Utility=== | |||
===Other Details=== | |||
== Coin Distribution == | |||
== Tech == | |||
*[[Whitepaper]] or docs can be found [https://docs.ousd.com here]. | |||
*Code can be viewed [https://github.com/originprotocol/origin-dollar here]. [https://www.defisafety.com/pqrs/372 From] [[DeFi Safety]] (8-3-2022): | |||
''"At 2887 commits, this protocol clearly pays due respect to its origin story."'' | |||
===Implementations=== | |||
*Built on: Runs on [[Ethereum (ETH)|Ethereum]] and uses [[IPFS]] | |||
===How it works=== | |||
===Fees=== | |||
===Upgrades=== | |||
===Staking=== | |||
====Validator Stats==== | |||
===Liquidity Mining=== | |||
===Scaling=== | |||
===Interoperability=== | |||
===Other Details === | |||
==Oracle Method== | |||
* [https://www.defisafety.com/pqrs/372 From] [[DeFi Safety]] (8-3-2022): | |||
''"The protocol's [[oracle]] source is partially documented at this [https://docs.ousd.com/core-concepts/price-oracles location]. The contracts dependent are identified. There is no relevant software function documentation, but the deltas of each price source are clearly outlined. This protocol [https://docs.ousd.com/core-concepts/price-oracles documents] [[Frontrunners|front running]] mitigation techniques. This protocol documents [[Flash Loan|flashloan]] countermeasures at this [https://docs.ousd.com/smart-contracts/api/oracle location]. It has implemented [[Chainlink (LINK)|Chainlink]]. This could be stated explicitly to reassure users."'' | |||
== Their Other Projects == | |||
=== Origin Dollar (OUSD) === | |||
* [https://www.coindesk.com/origin-protocol-loses-3-25m-in-latest-flash-loan-attack-reports From] [[CoinDesk]] (17-11-2020): | |||
"''OUSD is backed by deposits of [[USDT]], [[USDC]] and [[DAI]] and is designed to act somewhat like a savings account."'' | |||
* It got [https://www.coindesk.com/origin-protocol-loses-3-25m-in-latest-flash-loan-attack-reports hacked] for $7M in a [[flash loan]] attack (17-11-2020). | |||
*[[COVER Protocol (COVER)|Cover Protocol]], has [https://medium.com/originprotocol/origin-dollar-ousd-insurance-now-available-from-cover-protocol-793440c5c8a added] coverage support for OUSD (25-1-2021). | |||
== Roadmap == | |||
* Can be found [Insert link here]. | |||
== Usage == | == Usage == | ||
=== Projects that use or built on it === | === Projects that use or built on it === | ||
== Competition == | == Competition == | ||
== Pros and Cons == | == Pros and Cons == | ||
=== Pros === | === Pros === | ||
| Line 73: | Line 93: | ||
== Team, Funding, Partnerships, etc. == | == Team, Funding, Partnerships, etc. == | ||
=== Team === | === Team === | ||
* Full team can be found [here]. | * Full team can be found [https://www.originprotocol.com/en/team here]. | ||
* [[Josh Fraser]]; Co-Founder (also advisor to MARKET Protocol) | * [[Josh Fraser]]; Co-Founder (also advisor to MARKET Protocol) | ||
| Line 83: | Line 103: | ||
=== Partners === | === Partners === | ||
* [https://marketprotocol.io/partners/ Has a partnership] with [[MARKET Protocol]] (still as of 8-2019) | * [https://marketprotocol.io/partners/ Has a partnership] with [[MARKET Protocol]] (still as of 8-2019) | ||
* [https://messari.io/organization/svk-crypto Part of] the portfolio of [[SVK Crypto]] | * [https://messari.io/organization/svk-crypto Part of] the portfolio of [[SVK Crypto]] | ||
==(:== | |||
Knowledge empowers all and will help us get closer to the [[decentralised|decentralized]] world we all want to live in! | |||
Making these free wiki pages is fun but takes a lot of effort and time. | |||
If you have enjoyed reading, tips are appreciated :) This will help us to [[keep]] expanding this archive of information. | |||
[[ETH]] tip [[address]]: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31 | |||
[[Category:Coins/Tokens]] | [[Category:Coins/Tokens]] | ||
Revision as of 13:33, 11 April 2022
"Origin Protocol aims to create the sharing economy marketplaces. By integrating blockchain into these shared economy marketplace, Origin Protocol plans to offer buyers and sellers control over their data, drastically reduced transaction fees, and identity verification/reputation scores." according to Messari
== Basics ==*Based in:
- Started in / Announced on:
- Testnet release:
History
Audits & Exploits
- No bug bounty according to Blockchain Security DB (29-6-2020), which does show 1 audit (11-2018). Updated (8-3-2022): This protocol offers an active bug bounty of $250K.
- Scored 86% on DeFi Safety (8-3-2022):
"There are only API functions documented in Origin's documentation. This protocol has undergone formal verification on the token contract. The rest of the protocol was not in scope for Certora's review. OUSD has been audited multiple times, though each was post-launch."
With the comment:
"Despite a rocky genesis with a harsh lesson in shipping unaudited code, the team quickly learned and has shown incredible resilience in the face of this. Their protocol scores highly thanks to great oracle documentation, consideration of timelocks as well as strong testing. In addition, their formally verified token contract proves that this protocol's commitment to security has really grown into an integral part of its operation. This token might consider better documentation on software function documentation in contracts, as well as slightly clearer traceability of contract code to contract deployments. These are minor improvements to be made in the face of a great developer team with a good commitment to the highest process quality standards."
"After the attack, they fixed the missing validation and reentrancy vulnerability (and other issues) as suggested by the ToB audit. They conducted another audit with Solidified, are engaging with Certora for smart contract formal verification and plan to engage with OpenZeppelin for auditing upgrades.
They integrated Slither/Echidna in their CI/CD process, check PRs more stringently for security aspects and review other DeFi hacks more carefully. They’ve introduced automated monitoring for large/failing transactions along with a fast-pause feature where two multisig holders can pause minting/redeeming to respond to any similar future incidents. They’re also working with Nexus Mutual and Cover Protocol for DeFi insurance.
They have since then relaunched with ongoing compensation and proclaimed deeper commitment to security."
Bugs/Exploits
"Stablecoin project Origin Dollar (OUSD) sustained a re-entrancy attack at 00:47 UTC Tuesday resulting in a loss of funds worth $7 million, including over $1 million deposited by Origin and its founders and employees. The team has disabled deposits Tuesday’s attack utilized a flash loan and flaws in OUSD contracts to initiate what is known as a “rebase,” according to Etherscan and an updated blog from the team. The attack artificially inflated the supply of OUSD tokens within the protocol before swapping the newly printed tokens on SushiSwap and Uniswap for USDT, the blog states. Early reports indicated that Origin Protocol had suffered a $3.5 million flash loan attack or pricing oracle attack. Although the attacker employed a flash loan, Origin has not cited oracle manipulation as the technical culprit."
- From this article (20-11-2020):
"Origin has now announced a $1 million bounty reward for anyone who can bring the hacker responsible for destabilizing its stablecoin to justice."
- From Bitcoin.com (14-12-2020):
"The Origin Protocol team has unveiled a compensation plan for its depositors who were adversely affected by the flash loan attack in November. According to the team, there is now a plan to provide compensation equal to 100% of the value deposited to OUSD at the time of the exploit. The update says founders will not receive any compensation as a part of this plan despite having lost over $1 million in the hack."
- A further break down of what went wrong, with the audit itself used in the article (24-1-2021).
Governance
- After a flash loan attack (17-11-2020) the team halted deposits for their stablecoin, this hints towards centralization.
Admin Keys
- From DeFi Safety (8-3-2022):
"Admin control information was well documented at this location. The relevant contracts are identified as upgradeable, as identified here. Some smart contract change capabilities are identified, but definitely not all of them. This protocol's pause control functions are documented and briefly summarized. This protocol has good timelock documentation which can be found at this location."
DAO
Treasury
Token
Launch
Token Allocation
Utility
Other Details
Coin Distribution
Tech
- Whitepaper or docs can be found here.
- Code can be viewed here. From DeFi Safety (8-3-2022):
"At 2887 commits, this protocol clearly pays due respect to its origin story."
Implementations
How it works
Fees
Upgrades
Staking
Validator Stats
Liquidity Mining
Scaling
Interoperability
Other Details
Oracle Method
- From DeFi Safety (8-3-2022):
"The protocol's oracle source is partially documented at this location. The contracts dependent are identified. There is no relevant software function documentation, but the deltas of each price source are clearly outlined. This protocol documents front running mitigation techniques. This protocol documents flashloan countermeasures at this location. It has implemented Chainlink. This could be stated explicitly to reassure users."
Their Other Projects
Origin Dollar (OUSD)
"OUSD is backed by deposits of USDT, USDC and DAI and is designed to act somewhat like a savings account."
- It got hacked for $7M in a flash loan attack (17-11-2020).
- Cover Protocol, has added coverage support for OUSD (25-1-2021).
Roadmap
- Can be found [Insert link here].
Usage
Projects that use or built on it
Competition
Pros and Cons
Pros
Cons
- After a flash loan attack (17-11-2020) the team halted deposits for their stablecoin, this hints towards centralization.
Team, Funding, Partnerships, etc.
Team
- Full team can be found here.
- Josh Fraser; Co-Founder (also advisor to MARKET Protocol)
- Matt Liu, Co-Founder
Funding
- Has investment from Consensus Capital ("we’re a partner who supports their growth.")
Partners
- Has a partnership with MARKET Protocol (still as of 8-2019)
- Part of the portfolio of SVK Crypto
(:
Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!
Making these free wiki pages is fun but takes a lot of effort and time.
If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.
