TwentyOne
First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

[H-5] TwentyOne::dealersHand Calculation Does Not Follow Official BlackJack Rules for Ace Calculation

joro

Summary

In BlackJack, the Ace can have a value of either 11 or 1, depending on the current hand value of the player. If the current player's hand value plus 11 is less than or equal to 21, then the Ace should be counted as 11; otherwise, it is counted as 1. This rule is not honored in the TwentyOne::dealersHand function, which adds the Ace as 10 in all cases.

Vulnerability Details

Inside TwentyOne::dealersHand the current card value is calculated with:

uint256 cardValue = dealersDeck[player].dealersCards[i] % 13;

where the card value could be between 0 and 12. When the card value is 0 (representing the Ace as it is the 13th card), the following code adds 10 to the dealer's total:

if (cardValue == 0 || cardValue >= 10) {
dealerTotal += 10;
} else {
dealerTotal += cardValue;
}

This does not follow BlackJack rules, as the Ace should be added as either 11 or 1, depending on the dealer's current hand total.

Impact

High Impact: This bug occurs 100% of the time. The TwentyOne::playersHand calculation is incorrect, which may result in players losing when they should have won, or winning when they should have lost.

Tools Used

  1. Manual Review

  2. Foundry (PoC unit tests can be provided upon request)

  3. ChatGPT

Recommendations

  1. Update the logic to properly handle the cardValue for an Ace.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong ace value

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.