TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

[M-1] TwentyOne does not adhere to official BlackJack rules for a tie (called "push")

joro

Summary

TwentyOne::call function improperly deals with the case when dealerHand == playerHand. In such cases, according to official Blackjack rules, a tie (called a "push") means the player neither wins nor loses their bet; their stake should be returned. Therefore, the code should be modified to handle ties by returning the player’s bet, rather than treating it as a loss.

Vulnerability Details

If a tie occurs it will end up in the final else of this block of code:

if (dealerHand > 21) {

emit PlayerWonTheGame(

"Dealer went bust, players winning hand: ",

playerHand

);

endGame(msg.sender, true);

} else if (playerHand > dealerHand) {

emit PlayerWonTheGame(

"Dealer's hand is lower, players winning hand: ",

playerHand

);

endGame(msg.sender, true);

} else {

emit PlayerLostTheGame(

"Dealer's hand is higher, dealers winning hand: ",

dealerHand

);

endGame(msg.sender, false);

}

which would make the player lose, even though they should get their funds back in such cases. The contract currently also does not support a way to return the players' initial bet of 1 eth, so this needs to be implemented as well.

Impact

Medium as the likelyhood of a tie happening is not super high, however its crucial to be fixed as players wont be happy if they should get their money back, but they actually lose them.

Tools Used

Manual Review
Foundry (PoC unit tests can be provided upon request)
ChatGPT

Recommendations

The code should be modified to handle the tie (push) scenario correctly by returning the player's bet without any gain or loss. Correct logic should be something like this:

if (dealerHand > 21) {

// Dealer busts, player wins

} else if (playerHand > dealerHand) {

// Player's hand is higher, player wins

} else if (playerHand == dealerHand) {

// Tie game, player's bet is returned

// Implement logic to return the player's bet

} else {

// Dealer's hand is higher, player loses

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Tie case

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.