TwentyOne
First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

[H-1] Logic error in `TwentyOne::call`, making the dealer an unfair winner in the case of `dealerHand == playerHand`

predator

Summary

In TwentyOne::call function, provided below, we see, that the last condition else -> Dealer's hand is higher, dealers winning hand, but in this case we might have situation, like dealerHand == playerHand, that it's not correct.

Vulnerability Details

  1. Player start game.

  2. Player receives 2 cards, additionally may use hit (if necessary)

  3. Player call call().

  4. In the result it may happen that player's score playerHand is equal to dealer's score dealerhand.

  5. But unfairly player lose money.

function call() public {
.
.
.
if (dealerHand > 21) {
emit PlayerWonTheGame("Dealer went bust, players winning hand: ", playerHand);
endGame(msg.sender, true);
} else if (playerHand > dealerHand) {
emit PlayerWonTheGame("Dealer's hand is lower, players winning hand: ", playerHand);
endGame(msg.sender, true);
@> } else {
@> emit PlayerLostTheGame("Dealer's hand is higher, dealers winning hand: ", dealerHand);
endGame(msg.sender, false);
}

Impact

Logic of defining a winner is unfair for player in case of dealerHand = playerHand. But condition says, Dealer's hand is higher, dealers winning hand. The game might lose many users because of this.

Tools Used

Manual

Recommendations

There's recommendation to add a case to your TwentyOne::call function, if playerHand == dealerhand. In this case, player plays to a draw and should get his 1 ether back.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Tie case

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.