Skip to content

Instantly share code, notes, and snippets.

What would you like to do?

Travelvee audit report.

1. Summary

This document is a security audit report performed by danbogd, where Travelvee has been reviewed.

2. In scope

  • Travel.sol github commit hash565fd5f7ae42de2c5647fb89e8b0406483bc77b9.

3. Findings

In total, 6 issues were reported including:

  • 2 medium severity issues.
  • 4 low severity issues.

3.1. Owner Privileges

Severity: Medium


The contract owner allow himself to:

  • change the price of the tokens at any moment in or after the presale phase.
  • forward all fonds
  • burn tokens or not after crowdsale, depends on the owner's wish

This contract is managed manually by the owner, without softcap and withdraw functions which is not good for investors.

3.2. Not restrictions for airdrop tokens

Severity: Medium


There is not restrictions of the ammount airdrop tokens in function sendBatchCS. The owner can transfer more then 2000000 tokens.

3.3. Known vulnerabilities of ERC-20 token

Severity: low


  1. It is possible to double withdrawal attack. More details here.

  2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

3.4. Function _burnFrom.

Severity: low


Intrenal function _burnFrom is not used.

3.5. Constructor parameters.

Severity: low


Beginning and ending dates in constuctor are not coorect (start from 14 Oct 2018).


Update the beginning and ending dates of crowdsale.

3.6. Extra checking.

Severity: low


Extra checking in 172, 188-189 lines. SafeMath library checks it anyway.


Those lines may be deleted.

4. Conclusion

Some medium vulnerabilities were detected,we highly recommend to complete this bugs before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.