Travelvee audit report.
2. In scope
- Travel.sol github commit hash565fd5f7ae42de2c5647fb89e8b0406483bc77b9.
In total, 6 issues were reported including:
- 2 medium severity issues.
- 4 low severity issues.
3.1. Owner Privileges
The contract owner allow himself to:
- change the price of the tokens at any moment in or after the presale phase.
- forward all fonds
- burn tokens or not after crowdsale, depends on the owner's wish
This contract is managed manually by the owner, without softcap and withdraw functions which is not good for investors.
3.2. Not restrictions for airdrop tokens
There is not restrictions of the ammount airdrop tokens in function sendBatchCS. The owner can transfer more then 2000000 tokens.
3.3. Known vulnerabilities of ERC-20 token
It is possible to double withdrawal attack. More details here.
3.4. Function _burnFrom.
Intrenal function _burnFrom is not used.
3.5. Constructor parameters.
Beginning and ending dates in constuctor are not coorect (start from 14 Oct 2018).
Update the beginning and ending dates of crowdsale.
3.6. Extra checking.
Extra checking in 172, 188-189 lines. SafeMath library checks it anyway.
Those lines may be deleted.
Some medium vulnerabilities were detected,we highly recommend to complete this bugs before use.