This document is a security audit report performed by RideSolo, where Travel Token has been reviewed.
- travel.sol github commit hash 565fd5f7ae42de2c5647fb89e8b0406483bc77b9.
2 issues were reported:
- 1 high severity issue.
- 1 low severity issue.
Between every end of a stage and beginning of another stage there is a 24 hour gap where currentStage
will return 0 which will be the presale 50% bonus as defined in _bonuses
state varibale, any attacker that exploit this will get that bonus.
https://github.com/travelvee/TravelToken/blob/master/travel.sol#L126#L128
https://github.com/travelvee/TravelToken/blob/master/travel.sol#L253#l259
https://github.com/travelvee/TravelToken/blob/master/travel.sol#L283
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here
The audited can be exploited to get tokens with high bonus even in advanced stages.