Incorrect Dealer Hand Value Calculation in TwentyOne::dealersHand Function
Summary
The dealerTotal calculation in the TwentyOne::dealersHand function does not account for cases where cardValue equals 0, resulting in an incorrect computation of dealerTotal.
Vulnerability Details
In the dealersHand function of the TwentyOne contract, when calculating the dealer's hand total (dealerTotal), the special case where cardValue equals 0 is not handled correctly. Specifically, when a card with a value of 0 is drawn, it is directly added to the total as 0 instead of being treated as 10 per the game rules. This miscalculation leads to an inaccurate dealerTotal, disrupting the normal flow of the game and affecting win/loss decisions.
Impact
Due to the miscalculation of the dealer's hand total, the following significant issues may arise:
Unfair game results, where players may lose a game they should have won.
Incorrect dealer strategy execution, affecting the overall fairness of the game.
Tools Used
Manual review.
Recommendations
It is recommended to modify the logic in the dealersHand function to correctly handle the case where cardValue equals 0. Specifically, adjust the condition from "cardValue >= 10" to "cardValue == 0 || cardValue >= 10" to ensure that a drawn card with a value of 0 is correctly treated as 10 points. This change will ensure the dealer's hand total calculation aligns with game rules.
Lead Judging Commences
Asymmetric calculation of hands is rigged in the player`s favor.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.