The smart contract for the TwentyOne blackjack game improperly handles tie scenarios (pushes). Under standard blackjack rules, if the dealer and player have the same total, the game is a "push," and the player's bet is returned. However, the contract currently treats ties as a dealer win, which is inconsistent with classic gameplay rules.
Location: The vulnerability exists in the call() function:
Issue: When the player and dealer hands are equal, the dealer is declared the winner, and the player loses their bet. This violates blackjack rules.
Fairness Violation: Players lose their bet in cases where they should have received a push, leading to unfair gameplay.
User Trust: This discrepancy from standard rules could harm the credibility of the platform.
User Losses: Players are financially disadvantaged in a manner not aligned with classic blackjack gameplay.
Manual Review
Add a tie scenario to the endGame() method, which would then take 3 args, such as:
Then, in the call() function, add a new case and a new event, PlayerAndDealerEqualHands.
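A sketch of the three-outcome settlement recommended above, as an added example that is not the TwentyOne contract's own code. Apart from the PlayerAndDealerEqualHands event named in the recommendation, every identifier (PushSettlementSketch, Outcome, placeBet, decide, settle, _endGame, stake), the event parameters and the 2x win payout are assumptions; hand totals are passed in as parameters only so the comparison can be read in isolation, and the contract is assumed to hold enough ether to cover wins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
// Added illustration, not the TwentyOne source. All names except the
// PlayerAndDealerEqualHands event are hypothetical.
contract PushSettlementSketch {
    enum Outcome { PlayerWon, DealerWon, Push }
    event PlayerWonTheGame(address indexed player, uint256 playerTotal);
    event PlayerLostTheGame(address indexed player, uint256 playerTotal);
    event PlayerAndDealerEqualHands(address indexed player, uint256 total);

    mapping(address => uint256) public stake; // wager held per player

    function placeBet() external payable {
        require(msg.value > 0 && stake[msg.sender] == 0, "bad bet");
        stake[msg.sender] = msg.value;
    }
    // Pure comparison: equal totals are a push, not a dealer win.
    function decide(uint256 playerTotal, uint256 dealerTotal) public pure returns (Outcome) {
        if (playerTotal > 21) return Outcome.DealerWon; // player bust
        if (dealerTotal > 21 || playerTotal > dealerTotal) return Outcome.PlayerWon;
        if (playerTotal == dealerTotal) return Outcome.Push;
        return Outcome.DealerWon;
    }
    // Stand-in for call(). A real game derives both totals from the dealt
    // cards in storage and never accepts them from the caller.
    function settle(uint256 playerTotal, uint256 dealerTotal) external {
        _endGame(msg.sender, decide(playerTotal, dealerTotal), playerTotal);
    }
    // Three arguments: who played, how the hand ended, the player's total.
    function _endGame(address player, Outcome outcome, uint256 total) internal {
        uint256 bet = stake[player];
        require(bet > 0, "no active game");
        delete stake[player]; // clear state before any transfer
        uint256 payout;
        if (outcome == Outcome.PlayerWon) {
            payout = bet * 2; // assumed win payout
            emit PlayerWonTheGame(player, total);
        } else if (outcome == Outcome.Push) {
            payout = bet; // push: return the wager only
            emit PlayerAndDealerEqualHands(player, total);
        } else {
            emit PlayerLostTheGame(player, total);
        }
        if (payout > 0) {
            (bool ok, ) = payable(player).call{value: payout}("");
            require(ok, "transfer failed");
        }
    }
}
```

A regression test for this finding would assert that decide(20, 20) returns Outcome.Push and that a push leaves the player's balance unchanged apart from gas.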