TwentyOne
First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Bad logic in the function dealersHand

eth0x

Summary

The function dealersHand is designed to calculate the total value of the dealer's cards in a card game, presumably Blackjack.

Wrong card's value in if statment.

Vulnerability Details

In thisfunction in if statement is assumption that:

if (cardValue >= 10) {
dealerTotal += 10;
} else {
dealerTotal += cardValue;
}
...

However, the logic for handling Aces is missing here. An Ace can have a value of either 1 or 11, depending on what is more beneficial for the hand.

This important logic for Aces has been omitted.

Impact

The total value of a player's or dealer's hand can be miscalculated, leading to incorrect game outcomes.

Tools Used

manual review

Recommendations

Here is small sugestion what you can do to fix this vulnerability.

function dealersHand(address player) public view returns (uint256) {
uint256 dealerTotal = 0;
uint256 aceCount = 0;
for (uint256 i = 0; i < dealersDeck[player].dealersCards.length; i++) {
uint256 cardValue = (dealersDeck[player].dealersCards[i] % 13) + 1;
if (cardValue == 1) {
// Ace can be worth 1 or 11
aceCount += 1;
dealerTotal += 11; // Initially count Ace as 11
} else if (cardValue >= 10) {
// Face cards (Jack, Queen, King) are worth 10
dealerTotal += 10;
} else {
// Number cards are worth their face value
dealerTotal += cardValue;
}
}
// Adjust for Aces if total value exceeds 21
while (dealerTotal > 21 && aceCount > 0) {
dealerTotal -= 10; // Convert one Ace from 11 to 1
aceCount -= 1;
}
return dealerTotal;
}

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong ace value

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.