TwentyOne
First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Events Limit Game State Tracking and Auditability

eierina

Summary

The TwentyOne contract lacks critical events for tracking game progression and state changes. While it emits events for game end states, it fails to emit events for several key actions.

Vulnerability Details

Currently only emits:

event PlayerLostTheGame(string message, uint256 cardsTotal);
event PlayerWonTheGame(string message, uint256 cardsTotal);
event FeeWithdrawn(address owner, uint256 amount);

Missing events for:

  • Game start with initial cards and bet amount

  • Player hitting (drawing new cards)

  • Dealer actions (card draws and threshold)

  • Bet placements

Impact

  • Limited ability to track game progression

  • Difficult to audit gameplay and diagnose issues

  • Reduced transparency for players and monitoring systems

  • Challenges in frontend integration and state syncing

Tools Used

  • Manual Code Review

Recommendations

Add events for all key state changes and actions, particularly around:

  • Game initialization

  • Card draws (both player and dealer)

  • Bet placement

  • Dealer decision points

While not a security risk, proper event emission would significantly improve monitoring and user experience.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.