
LionStrategy (LIONSTR) Audit

Complete security evaluation and code review of the LionStrategy (LIONSTR) token smart contract

Project Overview

LionStrategy (LIONSTR) is a CRC-20 token with custom fees and anti-MEV protection. Trading fees fund Loaded Lions NFT buys, which are resold at a premium, and all proceeds are used to buy and burn $LIONSTR.

September 30, 2025

Audit Status

Passed with Advisory

Code is functionally safe with moderate centralization considerations noted.

Contract Details

Type: CRC-20
Blockchain: Cronos
Project Website: lionstrategy.fun

Key Findings

Critical: 0
High: 0
Medium: 2
Security Score: 4/5

M-01: Centralized Fee Control

Owner can set combined fees up to 95%, creating potential trust issues.

Noted

Audit Scope

The security assessment focused on identifying vulnerabilities and centralization risks in the smart contract code:

  • Owner privilege escalation risks
  • Fee mechanism vulnerabilities
  • Anti-MEV and transfer logic
  • Treasury and fund security
  • Market designation controls
  • Whitelist/blacklist mechanisms
  • Centralization threat modeling

Audit Findings

No Critical Issues: No critical security vulnerabilities found
2 Medium Risk Issues: Centralized fee control and single point of failure

The contract is functionally safe with moderate centralization considerations that should be noted by users but do not prevent safe operation.

Detailed Findings

Medium Risk Findings

M-01: Centralized Fee Control

Owner can set combined fee + rake up to 95%. While functionally safe, this creates trust dependencies.

Advisory: Users should be aware of centralized fee control mechanisms.

M-02: Single Point of Control

All administrative operations rely on one EOA, creating centralized control.

Advisory: Consider multi-sig for enhanced decentralization.

Recommendations & Conclusion

Overall Risk Level: MEDIUM

Positive Aspects:
  • Functionally safe code implementation
  • No critical arithmetic vulnerabilities
  • No mint backdoors or supply corruption
  • No reentrancy vulnerabilities
  • OpenZeppelin ERC20 compatible interface
  • Proper error handling
  • No exploitable security flaws identified

Advisory Notes:
  • Centralized fee control mechanisms (up to 95%)
  • Single point of administrative control
  • Trust-based governance model

Recommendations for Enhancement:
  • Consider implementing multi-sig for administrative functions
  • Publish transparent fee schedules and governance processes
  • Consider timelock mechanisms for sensitive operations

⚠️ Trust Warning

While the contract is functionally safe, it requires complete trust in the owner. The concentration of authority enables near-confiscatory taxation, arbitrary address targeting, and full treasury extraction, creating significant trust and economic manipulation risks for token holders.

The HashKode security team has determined that the LionStrategy contract is safe for deployment and use. The code implements proper security practices with no critical vulnerabilities. Centralization aspects are noted for transparency but do not affect the core security of the token.

Final Security Score

(4/5) Good