Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Travel Token Audit Report.

1. Summary

This document is a security audit report performed by RideSolo, where Travel Token has been reviewed.

2. In scope

  • travel.sol github commit hash 565fd5f7ae42de2c5647fb89e8b0406483bc77b9.

3. Findings

2 issues were reported:

  • 1 high severity issue.
  • 1 low severity issue.

3.1. Stages GAP Exploit

Severity: HIGH

Description

Between every end of a stage and beginning of another stage there is a 24 hour gap where currentStage will return 0 which will be the presale 50% bonus as defined in _bonuses state varibale, any attacker that exploit this will get that bonus.

Code snippet

https://github.com/travelvee/TravelToken/blob/master/travel.sol#L126#L128

https://github.com/travelvee/TravelToken/blob/master/travel.sol#L253#l259

https://github.com/travelvee/TravelToken/blob/master/travel.sol#L283

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

  1. It is possible to double withdrawal attack. More details here
  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here

4. Conclusion

The audited can be exploited to get tokens with high bonus even in advanced stages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.