Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 014 · Reentrancy

Origin Dollar (OUSD) Reentrancy

$7.7M drained from the OUSD stablecoin vault two months after launch via a fake-stablecoin reentrancy bug introduced when a gas-saving refactor dropped a check.

Date: November 17, 2020, 00:47 UTC
Chain(s): Ethereum
Status: Funds not recovered; affected users reimbursed by Origin Protocol
Funds Stolen: ~$7.7M (11,809 ETH and 2,249,821 DAI)

On November 17, 2020 at 00:47 UTC, the Origin Dollar (OUSD) stablecoin vault was drained of approximately $7.7 million (11,809 ETH and 2,249,821 DAI), less than two months after OUSD's launch. The exploit was a textbook reentrancy attack, made possible by a single missing validation check that had been dropped during a gas-saving refactor.

What happened

OUSD let users mint the stablecoin by depositing accepted underlying stablecoins (USDC, USDT, DAI). Both the single-token mint() path and the batch mintMultiple() path originally checked that each deposited token was a whitelisted underlying before calling transferFrom() on it. That check is what keeps the vault from handing control to an arbitrary contract in the middle of a mint: transferFrom() on an attacker-supplied token address runs attacker code.

A later gas-saving refactor rewrote mintMultiple() by copying the logic from mint(), and the copy left out the whitelist check. The bug then sat undetected through the audit and launch process.

The attack:

  1. The attacker deployed a fake "stablecoin" contract under their full control.
  2. They called mintMultiple() with a real stablecoin and the fake token as the deposit assets.
  3. With no whitelist check, the vault accepted the fake token and called transferFrom() on it during the deposit loop, after the real stablecoin had already been pulled into the vault but before any OUSD had been minted for it.
  4. The fake contract's transferFrom() re-entered the vault with a nested mint() call, which triggered a rebase. The rebase recalculated OUSD balances against a vault value that already included the first deposit, while the OUSD supply did not yet reflect it.
  5. That inflated rebase landed on the attacker's pre-existing OUSD holdings. Once the outer mintMultiple() also minted OUSD for the same deposit, the attacker held claims exceeding the vault's reserves and redeemed them, draining the underlying assets.

Total drained: ~$7.7M, laundered through Tornado Cash and renBTC.
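The sequence above as an added, runnable model (not Origin's code and not the real Vault.sol): a toy vault with an OUSD-style rebasing token, the attacker's fake token re-entering from transferFrom(), and two switches standing in for the missing whitelist check and for the reentrancy guard the redesign added. The amounts, the addresses (`vault`, `attacker`, `honest-user`), the 1,000-unit rebase threshold, the $1 peg on every asset, the at-par redeem and the fake token swallowing a guard revert are all constructed assumptions.

```python
# Added toy model, not Origin's code: stablecoins are all $1, prices/decimals/fees are omitted,
# addresses are plain strings and the rebase threshold is an invented 1,000 units.
from collections import defaultdict
from contextlib import contextmanager
from fractions import Fraction

VAULT, HONEST, ATTACKER = "vault", "honest-user", "attacker"   # hypothetical addresses

class Token:                                     # minimal ERC-20; the vault pulls deposits via transfer_from
    def __init__(self, name):
        self.name, self.balances = name, defaultdict(Fraction)
    def transfer_from(self, sender, to, amount):
        if self.balances[sender] < amount:
            raise ValueError(f"{self.name}: insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] += amount

class FakeToken(Token):                          # attacker-controlled "stablecoin"
    def __init__(self, hook):
        self.hook = hook
    def transfer_from(self, sender, to, amount): # moves nothing; runs attacker code instead
        self.hook()

class OUSD:                                      # rebasing token: balance = credits / credits_per_token
    def __init__(self):
        self.credits, self.total_credits = defaultdict(Fraction), Fraction(0)
        self.total_supply, self.credits_per_token = Fraction(0), Fraction(1)
    def balance_of(self, who):
        return self.credits[who] / self.credits_per_token
    def mint(self, to, amount, sign=1):          # sign=-1 burns
        c = sign * Fraction(amount) * self.credits_per_token
        self.credits[to] += c
        self.total_credits += c
        self.total_supply += sign * amount
    def change_supply(self, new_supply):         # rebase: supply snaps to vault value, credits stay
        self.total_supply = Fraction(new_supply)
        self.credits_per_token = self.total_credits / self.total_supply

class Vault:
    def __init__(self, supported, check_supported, reentrancy_guard, rebase_threshold=1_000):
        self.supported, self.rebase_threshold = set(supported), rebase_threshold
        self.check_supported = check_supported   # the check mint() kept and mintMultiple() lost
        self.reentrancy_guard = reentrancy_guard # what the post-incident redesign added everywhere
        self.ousd, self._locked = OUSD(), False
    @contextmanager
    def _non_reentrant(self):
        if self.reentrancy_guard and self._locked:
            raise RuntimeError("reentrant call")
        self._locked = True
        try:
            yield
        finally:
            self._locked = False
    def reserves(self):                          # vault value counts supported assets only
        return sum(t.balances[VAULT] for t in self.supported)
    def rebase(self):
        if self.reserves() > self.ousd.total_supply:
            self.ousd.change_supply(self.reserves())
    def mint(self, caller, token, amount):
        with self._non_reentrant():
            if token not in self.supported:      # single-asset mint() always validated the asset
                raise ValueError("Asset is not supported")
            if amount > self.rebase_threshold:
                self.rebase()                    # meant to run before any transfer in the call
            token.transfer_from(caller, VAULT, amount)
            self.ousd.mint(caller, amount)
    def mint_multiple(self, caller, tokens, amounts):
        with self._non_reentrant():
            if self.check_supported and any(t not in self.supported for t in tokens):
                raise ValueError("Asset is not supported")
            total = sum(a for t, a in zip(tokens, amounts) if t in self.supported)  # unknown token prices to 0
            if total > self.rebase_threshold:
                self.rebase()
            for t, a in zip(tokens, amounts):    # ...but transfer_from still runs on the unknown token
                t.transfer_from(caller, VAULT, a)
            self.ousd.mint(caller, total)
    def redeem_all(self, caller, token):         # simplified: 1 OUSD pays 1 unit while reserves last
        paid = min(self.ousd.balance_of(caller), token.balances[VAULT])
        self.ousd.mint(caller, paid, sign=-1)
        token.transfer_from(VAULT, caller, paid)

def attack_outcome(check_supported, reentrancy_guard):
    usdt, reverts = Token("USDT"), []
    vault = Vault([usdt], check_supported, reentrancy_guard)
    usdt.balances[HONEST], usdt.balances[ATTACKER] = Fraction(7_000), Fraction(100_000)
    vault.mint(HONEST, usdt, 7_000)              # legitimate deposits, backed 1:1
    vault.mint(ATTACKER, usdt, 3_000)            # attacker pre-positions OUSD to catch the rebase
    def reenter():                               # runs inside FakeToken.transfer_from: 30,000 USDT is
        try:                                     # in the vault already, but no OUSD was minted for it
            vault.mint(ATTACKER, usdt, 5_000)    # > threshold, so this nested mint rebases mid-mint
        except RuntimeError as err:              # a guard revert can be swallowed by the fake token,
            reverts.append(str(err))             # which then lets the outer call finish harmlessly
    try:
        vault.mint_multiple(ATTACKER, [usdt, FakeToken(reenter)], [30_000, 0])
    except ValueError as err:                    # the whitelist check fails before any transfer
        reverts.append(str(err))
    vault.redeem_all(ATTACKER, usdt)             # cash out whatever OUSD the attacker now holds
    return {"reverts": reverts, "attacker_profit": usdt.balances[ATTACKER] - 100_000,
            "vault_reserves": usdt.balances[VAULT], "honest_ousd": vault.ousd.balance_of(HONEST)}
```

With both switches off, attack_outcome(False, False) reports an attacker profit of 7,000 (every unit of honest deposits), an empty vault, and honest holders left with 28,000 OUSD backed by nothing, because the nested mint rebased on a vault value that already counted the attacker's 30,000 before any OUSD had been minted for it. Turning on the whitelist check rejects the call before any transfer; turning on only the guard blocks the nested mint, so the outer call completes as an ordinary 1:1 deposit and the profit is zero either way.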

Aftermath

  • Origin Protocol publicly acknowledged the loss the same day and announced full reimbursement of affected users, funded from the project's treasury and the team's personal funds.
  • The OUSD contracts were redesigned with comprehensive reentrancy protection on every state-mutating function and explicit whitelist validation on every underlying token interaction.
  • The funds were never recovered on-chain.

Why it matters

Origin Dollar's incident is one of the cleanest cases of audited code shipping with a bug the audit never saw: the original mint() had the validation check and the audit reviewed mint(); the post-audit refactor copied the logic but dropped the check, and there was no second audit before launch. This class of failure, edits to audited code shipped without re-audit, has accounted for several major losses since, including Fei/Rari.

The team's response, full reimbursement from team funds, was also unusually fast and complete for the 2020 DeFi era; it set a precedent that some protocols later followed (and many did not).

Sources & on-chain evidence

  1. [01] medium.com: https://medium.com/originprotocol/urgent-ousd-has-hacked-and-there-has-been-a-loss-of-funds-7b8c4a7d534c
  2. [02] peckshield.medium.com: https://peckshield.medium.com/origin-dollar-incident-root-cause-analysis-f27e11988c90
  3. [03] medium.com: https://medium.com/originprotocol/what-weve-changed-since-the-ousd-attack-5894f2bd77cf
