TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Improper handling of Aces in playersHand and dealersHand functions leading to incorrect calculations

kobbyeugene

Summary

In a standard Blackjack game, the Ace card can be either 1 or 11 depending on the current hand total. However, in both the playersHand and dealersHand functions of the contract, Aces are always treated as 10, leading to incorrect hand totals and causing issues with the game's logic.

Vulnerability Details

The playersHand function does not account for Aces as 1 or 11, and always treats them as 10. This can cause incorrect hand totals. Similarly, the dealersHand function always counts Aces as 10, which is also incorrect for dealer calculations. The code for both functions needs to be updated to properly account for Aces being counted as either 1 or 11, depending on the situation. Here are the functions:

function playersHand(address player) public view returns (uint256) {

uint256 playerTotal = 0;

for (uint256 i = 0; i < playersDeck[player].playersCards.length; i++) {

uint256 cardValue = playersDeck[player].playersCards[i] % 13;

if (cardValue == 0 || cardValue >= 10) {

playerTotal += 10;

} else {

playerTotal += cardValue;

}

return playerTotal;

}

function dealersHand(address player) public view returns (uint256) {

uint256 dealerTotal = 0;

for (uint256 i = 0; i < dealersDeck[player].dealersCards.length; i++) {

uint256 cardValue = dealersDeck[player].dealersCards[i] % 13;

if (cardValue >= 10) {

dealerTotal += 10;

} else {

dealerTotal += cardValue;

}

return dealerTotal;

}

Impact

If Aces are not handled correctly, both the player's and dealer's hands could have incorrect values, which would cause the game to have faulty logic. The game would fail to properly evaluate hand totals, leading to situations where the player or dealer could unfairly win or lose due to incorrect scoring.

Tools Used

Manual review

Recommendations

Both the playersHand and dealersHand functions should be updated to handle Aces as either 1 or 11. This is necessary for accurate hand totals and to ensure the game follows the correct Blackjack rules. If adding an Ace as 11 does not cause the hand total to exceed 21, it should be counted as 11. If adding an Ace as 11 would cause a bust (hand total > 21), it should be counted as 1.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Wrong ace value

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.