TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
Submission Details
Severity: high
Invalid

Dealer's Cards Are Exposed, Allowing Players to Cheat

Root Cause

The getDealerCards function allows anyone to view the dealer's cards at any time:

function getDealerCards(address player) public view returns (uint256[] memory) {
    return dealersDeck[player].dealersCards;
}

This exposure includes the dealer's hidden cards, which should remain concealed until the game concludes.

Impact

  • Unfair Advantage: Players can make decisions with full knowledge of the dealer's hand, violating the game's rules.

  • Game Integrity Issues: The fundamental uncertainty of the game is compromised, leading to unfair outcomes.

  • Financial Implications: Players may win more frequently than intended, resulting in financial losses for the contract.

Recommendations

  • Restrict Access to Dealer's Cards: Modify the getDealerCards function to only reveal the dealer's cards after the game has ended.

  • Access Control: Implement access control mechanisms to ensure only authorized views are allowed, possibly by using a game state variable.

  • Partial Disclosure: If desired, only reveal one of the dealer's cards during the game, mimicking real blackjack.
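
A sketch of the recommendations above (state-gated full hand, single up card during play), added here as an illustration; it is not code from the TwentyOne contract or from this submission. It assumes a per-player `GameState` and an abstract `_drawCard()` hook; those names, `_startGame`, `_settle` and `getDealerUpCard` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only dealersDeck, dealersCards and getDealerCards appear on the
// page; every other name here is hypothetical.
abstract contract DealerHandGate {
    enum GameState { NotStarted, InProgress, Ended }
    struct DealersHand { uint256[] dealersCards; }

    mapping(address => DealersHand) private dealersDeck;
    mapping(address => GameState) public gameState;

    error GameNotEnded();
    error GameNotInProgress();

    // Card source is left to the game (assumption: returns one card value).
    function _drawCard() internal virtual returns (uint256);

    // Only the dealer's up card is written to storage when a game starts.
    function _startGame(address player) internal {
        delete dealersDeck[player].dealersCards;
        dealersDeck[player].dealersCards.push(_drawCard());
        gameState[player] = GameState.InProgress;
    }

    // Remaining dealer cards are drawn at settlement, so nothing hidden sits in
    // storage while the player is still deciding. Storage is readable off-chain
    // regardless of `private` or of the checks in the getters below.
    function _settle(address player, uint256 drawCount) internal {
        if (gameState[player] != GameState.InProgress) revert GameNotInProgress();
        for (uint256 i = 0; i < drawCount; i++) {
            dealersDeck[player].dealersCards.push(_drawCard());
        }
        gameState[player] = GameState.Ended;
    }

    // Full hand: available only after this player's game has ended.
    function getDealerCards(address player) public view returns (uint256[] memory) {
        if (gameState[player] != GameState.Ended) revert GameNotEnded();
        return dealersDeck[player].dealersCards;
    }

    // Partial disclosure: the single up card while the game is in progress.
    function getDealerUpCard(address player) public view returns (uint256) {
        if (gameState[player] != GameState.InProgress) revert GameNotInProgress();
        return dealersDeck[player].dealersCards[0];
    }
}
```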

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
