TwentyOne
First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Unnecessary Check In `hit` Function for 21 Score

jjsonchain

Summary

In blackjack 21 is the highest score. in the hit function we check for the hand as it is when the player calls the function. However, there is an unnecessary check for the score on the handBefore

Vulnerability Details

https://github.com/Cyfrin/2024-11-TwentyOne/blob/a4429168302722d14a5e5996d25d6fc5be22a899/src/TwentyOne.sol#L110

Impact

The function checks to see if the score, as it stands, is up to 21 including. Which is true in the rules of the game. However, if it is indeed 21, any other card will make the player lose. Which means the check is right to check if the score is under 21, but if it is 21 the player lost already and can revert.

Tools Used

Manual Analysis

Recommendations

Change the check to less than:

function hit() public {
require(playersDeck[msg.sender].playersCards.length > 0, "Game not started");
uint256 handBefore = playersHand(msg.sender);
- require(handBefore <= 21, "User is bust");
+ require(handBefore < 21, "User is bust");
uint256 newCard = drawCard(msg.sender);
addCardForPlayer(msg.sender, newCard);
uint256 handAfter = playersHand(msg.sender);
if (handAfter > 21) {
emit PlayerLostTheGame("Player is bust", handAfter);
endGame(msg.sender, false);
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.