This document is a security audit report performed by danbogd, where Travelvee has been reviewed.
- Travel.sol github commit hash565fd5f7ae42de2c5647fb89e8b0406483bc77b9.
In total, 6 issues were reported including:
- 2 medium severity issues.
- 4 low severity issues.
The contract owner allow himself to:
- change the price of the tokens at any moment in or after the presale phase.
- forward all fonds
- burn tokens or not after crowdsale, depends on the owner's wish
This contract is managed manually by the owner, without softcap and withdraw functions which is not good for investors.
There is not restrictions of the ammount airdrop tokens in function sendBatchCS. The owner can transfer more then 2000000 tokens.
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Intrenal function _burnFrom is not used.
Beginning and ending dates in constuctor are not coorect (start from 14 Oct 2018).
Update the beginning and ending dates of crowdsale.
Extra checking in 172, 188-189 lines. SafeMath library checks it anyway.
Those lines may be deleted.
Some medium vulnerabilities were detected,we highly recommend to complete this bugs before use.