Incorrect King Valuation in `dealersHand()` Affects Game Balance
Summary
In the dealersHand() function of the TwentyOne contract, Kings are incorrectly valued as 0 instead of 10. This miscalculation disrupts the dealer's hand totals, affecting the game's fairness and balance.
Vulnerability Details
-
Issue: Kings are represented by
cardValue == 0after the modulo operation (cardValue = card % 13). -
Problematic Code:
if (cardValue >= 10) {dealerTotal += 10;} else {dealerTotal += cardValue;} -
Explanation: The condition
cardValue >= 10does not capture Kings (cardValue == 0), causing them to add0todealerTotalinstead of10.
Impact
Altered Dealer Hand Totals: Dealer's hand totals are inaccurately low when Kings are drawn.
Disrupted Game Balance: The fairness of the game is affected, potentially giving an unintended advantage.
Deviation from Rules: The game deviates from standard blackjack rules, affecting player trust.
Tools Used
Manual code review of the
dealersHand()function.
Recommendations
-
Correct King Valuation:
if (cardValue == 0 || cardValue >= 10) {dealerTotal += 10;} else {dealerTotal += cardValue;} -
Ensure Consistency: Verify that all face cards are correctly valued in all functions.
-
Implement Tests: Add unit tests to confirm that Kings are valued at
10.
Lead Judging Commences
Asymmetric calculation of hands is rigged in the player`s favor.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.