# Security & audits ### Audit firm * **33Audits** ### Status * Audit: **Completed on 2026-03-25** * Findings: **17 total — 1 critical, 2 high, 11 medium, 3 low** * Resolution: **All findings fixed** * Report: [33Audits audit report](/lsteak-protocol-docs/overview/security-and-audits/33audits-audit-report.md) * PDF: [Download audit PDF](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkohwqioQoDXaF3GIlgFJ%2Fuploads%2FLWF1UnGtsISGaRt4ewuH%2Flsteak-audit-report.pdf?alt=media\&token=eb3a4e2f-675f-4d86-a3fb-222d91b7d163) * Repository reviewed: `BuildTheTech/LSteak-Contracts` * Commit reviewed: `aab54f50` {% hint style="success" %} The published report says all findings were fixed by the team. {% endhint %} ### Strategic system analysis LSteak also has a system-level assessment under ISSAM v1. This evaluates incentive alignment, operating flows, structural resilience, and stress behavior. It complements the code audit. It does **not** replace it. * Assessment: **Completed on 2026-03-25** * Framework: **ISSAM v1** * Result: **Stable with constructive trajectory** * Report: [ISSAM strategic system analysis](/lsteak-protocol-docs/overview/security-and-audits/issam-strategic-system-analysis.md) ### Audit scope * Core protocol contracts: **In scope** * xl-LSTEAK contracts: **In scope** * Treasury, routing, backing, and admin controls: **In scope** * LSaaS contracts: **Not explicitly listed in the published findings** ### Published addresses Use these addresses to verify the deployed contracts and protocol-controlled wallets: Use these addresses to verify the live LSteak deployment on **Base**. * LSTEAK token: `0x39Cd7417080695f4e49b64F6F243b7804a0ea8EF` * LSTEAK / ETH liquidity pair: `0xC67BfB30Fed057AE16627457E71B1E29753B2F80` * xl-LSTEAK token: `0x032963337b837415209Ca53A46946a73cceB53aa` * Hedge Reserve contract: `0x4a237e0589B57F61eDE8ad623DE05B9eD57C1C33` * Gold (xAUT) holdings wallet: `0xeadecca3e777b836e637d41c479aaac3531a533d` * Liquidity Stack wallet: `0xc69e6ab1f4ac5be6d03f8df75d0f6fe501c7856b` ### What we consider “security complete” * Public audit report published. * All high/critical findings resolved. * Reported fixes documented in the public audit record. ### Current posture The completed audit improves confidence in the implementation. It does not remove the need for monitoring, re-reviews, or controlled admin operations. ### Incident response (baseline) * Emergency pause exists for catastrophic failures. * Liquidation is mechanical and pro-rata. See also: * [Technical Appendix — Immutable Protocol Invariants](/lsteak-protocol-docs/technical-appendix/section-b-immutable-protocol-invariants.md) * [Technical Appendix — Emergency pause & liquidation flow](/lsteak-protocol-docs/technical-appendix/section-c-deterministic-system-flows.md#c7-emergency-pause--liquidation) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://lsteak-protocol.gitbook.io/lsteak-protocol-docs/overview/security-and-audits.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.