Origin Governance Audit
Origin governance audit was conducted by OpenZeppelin. The OpenZeppelin team audited a governance system for OriginProtocol. The contracts allow users to stake their tokens to receive voting power and be rewarded with additional OGV tokens.
The system enables users to participate in the governance of the Origin Protocol by staking their OGV tokens, allowing users to earn more OGV as a staking reward. Furthermore, the staking contract OgvStaking allows OGV governance tokens to be staked to obtain non-transferable ERC20Votes-based tokens called OGVe which can participate in a GovernorBravo—compatible governance vote.
The minimum and maximum lockup periods are 7 and 1461 days, respectively. In addition, each staker earns OGV tokens at a pre-configured daily total rate set per time interval and emitted from the RewardSource contract. The OGVe tokens are awarded based on a constant inflation factor of 80% per year in relation to the end of the staking lockup period.
Security Considerations
- Due to an initial voting delay of 1 block in the governance contract, we assume a delay between the deployment of OgvStaking and the transfer of assets or privileges to Governance, such that there is at least sufficient time for stakers to have received and delegated their voting shares before the governance contract becomes active. Further, we assume the cancellation of all proposals in the timelock queue directly prior to the transfer of assets or privileges to Governance prevents the execution of proposals that have been passed before the completion of the voting shares distribution.
- Based on the disabled transfer functionality OGVe and the minimum staking duration of 7 days, flash-loan-based governance attacks are mitigated.
- Due to a lack of external calls outside of the contract ecosystem, the functions within OgvStaking appear inherently safe against reentrancy. However, the OGV token is based on an upgradable proxy. A future upgrade introducing transfer hooks with user-controllable data could render the thecollectRewards function vulnerable to reentrancy.
- The PRBMthUD60x18 contract of the paulrberg/prb-math library is assumed to operate correctly if all operands and results can be expressed as a number with a 60-digit integer field and an 18-digit fractional field.
AUDIT FINDINGS
Extending the staking duration discards rewards
In the OgvStaking contract, updating a user’s rewards is a two-step process. First, the internal function _collect rewards must be called, which updates the accumulated per share rewards. For all users and then computes and transfers an individual user’s total outstanding rewards.
Moreover, the computation of a user’s outstanding rewards uses the mapping rewardDebt for internal bookkeeping. Because rewardDebt contains a user’s debt in absolute terms. It can only be updated as a second step outside of the _collectReward function. Additionally, after a potential change of the user’s stake has been accounted for. In effect, user rewards can only be computed correctly if a call to _collectRewards is jointly used with an update of rewardDebt
The function extends only performs an update on rewardDebt without a prior call to the _collectReward function. Hence, it always discards the rewards earned by a user instead of paying them out.
ABOUT OpenZeppelin
OpenZeppelin provides security products to build, automate, and operate decentralized applications. They also protect leading organizations by performing security audits on their systems and products.
ABOUT Origin Protocol
Origin’s mission is to bring non-fungible tokens (NFTs) and decentralized finance (DeFi) to the masses.
RESOURCES
OpenZeppelin
