Travelvee_audit_report.md

Travelvee audit report.

1. Summary

This document is a security audit report performed by danbogd, where Travelvee has been reviewed.

2. In scope

• Travel.sol github commit hash565fd5f7ae42de2c5647fb89e8b0406483bc77b9.

3. Findings

In total, 6 issues were reported including:

• 2 medium severity issues.
• 4 low severity issues.

3.1. Owner Privileges

Severity: Medium

Description

The contract owner allow himself to:

• change the price of the tokens at any moment in or after the presale phase.
• forward all fonds
• burn tokens or not after crowdsale, depends on the owner's wish

This contract is managed manually by the owner, without softcap and withdraw functions which is not good for investors.

3.2. Not restrictions for airdrop tokens

Severity: Medium

Description

There is not restrictions of the ammount airdrop tokens in function sendBatchCS. The owner can transfer more then 2000000 tokens.

3.3. Known vulnerabilities of ERC-20 token

Severity: low

Description

1. It is possible to double withdrawal attack. More details here.

2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

3.4. Function _burnFrom.

Severity: low

Description

Intrenal function _burnFrom is not used.

3.5. Constructor parameters.

Severity: low

Description

Beginning and ending dates in constuctor are not coorect (start from 14 Oct 2018).

Description

Update the beginning and ending dates of crowdsale.

3.6. Extra checking.

Severity: low

Description

Extra checking in 172, 188-189 lines. SafeMath library checks it anyway.

Recommendation

Those lines may be deleted.

4. Conclusion

Some medium vulnerabilities were detected,we highly recommend to complete this bugs before use.