Submission Details
Severity:
Incorrect Game Winner Determination Logic
Summary
The call() function has several logical flaws in determining the winner of the game. It doesn't properly check for player busts and has incorrect win/loss conditions.
Impact
Players can win even when bust (over 21)
Incorrect payouts possible
Potential for unfair wins/losses
Proof of Concept
if (dealerHand > 21) {
emit PlayerWonTheGame(
"Dealer went bust, players winning hand: ",
playerHand
);
endGame(msg.sender, true);
} else if (playerHand > dealerHand) {
emit PlayerWonTheGame(
"Dealer's hand is lower, players winning hand: ",
playerHand
);
endGame(msg.sender, true);
} else {
emit PlayerLostTheGame(
"Dealer's hand is higher, dealers winning hand: ",
dealerHand
);
endGame(msg.sender, false);
}
-
In this case if Dealer has more than 21 he lost, but we also should check how much Player has
-
if Player has more than Dealer, Player wins, we're not even comparing numbers to 21 (if Player bust)
Recommendations
Add check if Player is bust before other checks
+ if (playerHand > 21) { // Better to use constant
+ emit PlayerLostTheGame("Player is bust", playerHand);
+ endGame(msg.sender, false);
+ return;
+ }
Updates
Rewards breakdown
nSLOC
147This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.