TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Incorrect Ace Value Handling in playersHand Function

murelel

Summary

The playersHand function in the TwentyOne contract contains a logical flaw in handling the value of an Ace in Blackjack. The Ace is always counted as 10, instead of being flexible and allowing it to be counted as either 1 or 11, which is essential for accurate gameplay in Blackjack.

Vulnerability Details

The playersHand function calculates the total value of a player's hand but incorrectly handles the Ace by always counting it as 10. In Blackjack, an Ace can be worth either 1 or 11, depending on which value benefits the player most without causing the total to exceed 21.

Impact

The incorrect handling of the Ace's value can lead to inaccurate totals, causing players to lose games they should have won or not get the most advantageous hand. This impacts the fairness and integrity of the game, leading to potential user dissatisfaction and mistrust.

Tools Used

To identify this vulnerability, the following tools and techniques were used:

Manual Code Review: Detailed examination of the contract’s logic to identify discrepancies with Blackjack rules.
Foundry

Recommendations

To fix this issue, update the playersHand function to correctly handle the Ace's flexible value. Here’s an improved version of the function that accurately accounts for Aces:

function playersHand(address player) public view returns (uint256) {

uint256 playerTotal = 0;

uint256 aceCount = 0;

for (uint256 i = 0; i < playersDeck[player].playersCards.length; i++) {

uint256 cardValue = playersDeck[player].playersCards[i] % 13;

if (cardValue == 0) {

playerTotal += 11; // Initially count Ace as 11

aceCount++;

} else if (cardValue >= 10) {

playerTotal += 10;

} else {

playerTotal += cardValue;

}

// Adjust Ace value if total exceeds 21

while (playerTotal > 21 && aceCount > 0) {

playerTotal -= 10;

aceCount--;

}

return playerTotal;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Wrong ace value

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.