TwentyOne

Summary

In the TwentyOne::call function, the dealer should stop drawing cards immediately upon reaching a hand total of 17 points. However, the current logic allows the dealer to continue drawing cards within the range of 17 to 21 based on a strategy threshold, violating standard Blackjack rules.

Vulnerability Details

In the call function of the TwentyOne contract, the dealer's card-drawing strategy is implemented with a threshold between 17 and 21. This logic permits the dealer to make further decisions even after their hand total reaches 17 points. This violates the fundamental rule of standard Blackjack, where the dealer must stand when their hand total is 17 or higher. Specifically, the call function fails to halt drawing cards when dealerTotal >= 17, allowing the dealer to potentially gain an unfair advantage by continuing to play beyond this point.

Impact

This deviation from standard rules introduces several issues:

1. Unfair Gameplay: The dealer gains an undue advantage by continuing to draw cards above 17 points, compromising the fairness of the game.

2. Reduced Predictability: Players cannot rely on standard rules to make informed decisions, negatively affecting their gameplay strategy.

3. Trust and Credibility Risks: Straying from established Blackjack rules may lead users to question the fairness of the game, harming the platform's reputation.

Tools Used

Manual review.

Recommendations

Adjust the standThreshold in the TwentyOne::call function to a fixed value of 17. This ensures the dealer stops drawing cards as soon as their hand total reaches 17 points, adhering to standard Blackjack rules. The following code modification is suggested:

This change aligns the game mechanics with standard Blackjack rules, ensuring fairness and predictability for players.