TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Random Dealer Stand Threshold Deviates from Standard Blackjack Rules

Summary

In the TwentyOne contract, the dealer's stand threshold is randomly chosen between 17 and 21 for each game. This deviates from standard Blackjack rules where dealers must consistently stand on 17, making the game unpredictable and potentially unfair.

Vulnerability Details

  • Random Stand Threshold:

    uint256 standThreshold = (uint256(
        keccak256(
            abi.encodePacked(block.timestamp, msg.sender, block.prevrandao)
        )
    ) % 5) + 17;

  • The dealer's decision to stand is based on a random value between 17 and 21

  • This randomization occurs in the call() function for each game

  • Standard Blackjack rules require the dealer to always stand on 17

Impact

  • Unpredictable Game Dynamics:

    • Players cannot employ standard Blackjack strategy

    • Game odds vary randomly between hands

    • House edge becomes inconsistent and unpredictable

  • Game Integrity:

    • Deviates from expected casino game rules

    • Players cannot make informed decisions

    • Some hands become unfairly advantageous/disadvantageous
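
An added example (not part of the submission or the contract's code) that quantifies the impact above: it computes the exact probability that the dealer busts for each stand threshold from 17 to 21. Assumptions: an infinite deck, the ace counted as 1, ten and face cards counted as 10, and the dealer starting from an empty hand.

```python
from fractions import Fraction
from functools import lru_cache

# Assumed card model (not taken from the page): infinite deck, ranks 2-9 at
# face value, ace counted as 1, ten/jack/queen/king all counted as 10.
CARD_PROBS = {value: Fraction(1, 13) for value in range(1, 10)}
CARD_PROBS[10] = Fraction(4, 13)


def dealer_outcomes(threshold, start_total=0):
    """Exact distribution of the dealer's final total when the dealer
    keeps drawing while total < threshold (the loop shape in call())."""

    @lru_cache(maxsize=None)
    def final(total):
        if total >= threshold:
            return ((total, Fraction(1)),)
        dist = {}
        for value, p in CARD_PROBS.items():
            for end, q in final(total + value):
                dist[end] = dist.get(end, Fraction(0)) + p * q
        return tuple(sorted(dist.items()))

    return dict(final(start_total))


def bust_probability(threshold, start_total=0):
    """Probability that the dealer ends above 21 for a given stand threshold."""
    outcomes = dealer_outcomes(threshold, start_total)
    return sum((p for total, p in outcomes.items() if total > 21), Fraction(0))


def threshold_report():
    # 17..21 is the range produced by (hash % 5) + 17 in the snippet above.
    return {t: bust_probability(t) for t in range(17, 22)}


if __name__ == "__main__":
    for t, p in threshold_report().items():
        print(f"stand on {t}: dealer busts with probability {float(p):.4f}")
```

Each step up in the threshold forces the dealer to draw on totals where they would otherwise stand, so the bust probability rises strictly from 17 to 21 and the odds a player faces differ from hand to hand.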

Tools Used

  • Manual Code Review

Recommendations

  • Implement standard Blackjack dealer rules:

    // Declared at contract level: Solidity does not allow `constant` inside a function
    uint256 public constant DEALER_STAND_THRESHOLD = 17;

    function call() public {
        // ... existing checks ...
        // Dealer draws until reaching 17 or higher
        while (dealersHand(msg.sender) < DEALER_STAND_THRESHOLD) {
            uint256 newCard = drawCard(msg.sender);
            addCardForDealer(msg.sender, newCard);
        }
        // ... rest of the function
    }

  • Consider implementing soft/hard 17 rules for completeness

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

The Dealer's Play - Dealer must stand on 17
