Submission Details
Severity:
`dealersHand()` and `playersHand()` has inconsistent calculation of cardValue
Summary
In dealersHand(), if the dealer draw 13, 26, 39, or 52, it would add 0 as the cardValue to the dealer's hand. But for playersHand(), those 4 cards would add 10 to the cardValue. Hence, this means that the dealer has a 7.69% chance of adding 0 instead of 10 to its cardValue.
Vulnerability Details
function playersHand(address player) public view returns (uint256) {
uint256 playerTotal = 0;
for (uint256 i = 0; i < playersDeck[player].playersCards.length; i++) {
uint256 cardValue = playersDeck[player].playersCards[i] % 13;
-> if (cardValue == 0 || cardValue >= 10) {
playerTotal += 10;
} else {
playerTotal += cardValue;
}
}
return playerTotal;
}
function dealersHand(address player) public view returns (uint256) {
uint256 dealerTotal = 0;
for (uint256 i = 0; i < dealersDeck[player].dealersCards.length; i++) {
uint256 cardValue = dealersDeck[player].dealersCards[i] % 13;
-> if (cardValue >= 10) {
dealerTotal += 10;
} else {
dealerTotal += cardValue;
}
}
return dealerTotal;
}
Impact
This inconsistency is generally favourable for the dealer, as there is a 7.69% lower chance of getting 10 points, which can cause the dealer to go bust.
Tools Used
Recommendations
Apply the same calculation logic as playersHands().
function dealersHand(address player) public view returns (uint256) {
uint256 dealerTotal = 0;
for (uint256 i = 0; i < dealersDeck[player].dealersCards.length; i++) {
uint256 cardValue = dealersDeck[player].dealersCards[i] % 13;
- if (cardValue >= 10) {
+ if (cardValue == 0 || cardValue >= 10) {
dealerTotal += 10;
} else {
dealerTotal += cardValue;
}
}
return dealerTotal;
}
Updates
Lead Judging Commences
inallhonesty 11 months ago
Submission Judgement Published Assigned finding tags:
Asymmetric calculation of hands is rigged in the player`s favor.
Rewards breakdown
nSLOC
147This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.