The dealersHand function in the TwentyOne contract contains inconsistent logic compared to the playersHand function, which can result in unfair gameplay. Specifically, the handling of card values differs, causing potential discrepancies in the game's outcome.
The dealersHand function calculates the dealer's hand total using different logic than the playersHand function. While both functions handle face cards (10, J, Q, K) correctly by assigning them a value of 10, the dealersHand function does not handle the Ace (value 0) appropriately, potentially resulting in incorrect total values and unfair game scenarios.
The inconsistent logic between the player's hand calculation and the dealer's hand calculation can lead to unfair advantages or disadvantages. This discrepancy affects the integrity of the game and can result in players losing games they should have won or vice versa, impacting user trust and satisfaction.
To identify this vulnerability, the following tools and techniques were used:
Manual Code Review: A thorough review of the contract's logic to identify inconsistencies between the player's and dealer's hand calculations.
Foundry
To fix this issue, align the logic of the dealersHand function with the playersHand function, ensuring that both handle card values, especially the Ace, in the same manner.
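An added Foundry test (not the TwentyOne contract's code or the submitter's proof of concept) that models the two scoring rules described above and measures how far the totals drift apart for the same cards. The card encoding (values 0 to 12), the helper names `_score` and `_total`, and the score of 10 for value 0 are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
import {Test} from "forge-std/Test.sol";

// Added illustration, not the TwentyOne source. Assumed encoding: card values
// 0..12, values >= 10 score 10, value 0 is the case the finding describes.
contract HandConsistencyTest is Test {
    // Assumption: the page does not say what value 0 should score.
    uint256 internal constant ZERO_VALUE_SCORE = 10;

    // Per-card score; handlesZero=false models the dealer-side rule described.
    function _score(uint256 v, bool handlesZero) internal pure returns (uint256) {
        if (v == 0) return handlesZero ? ZERO_VALUE_SCORE : 0;
        return v >= 10 ? 10 : v;
    }

    // Sums a hand under one of the two rules.
    function _total(uint256[] memory hand, bool handlesZero) internal pure returns (uint256 t) {
        for (uint256 i = 0; i < hand.length; i++) t += _score(hand[i], handlesZero);
    }

    // Differential check over every card value: the rules split only at 0.
    function test_rulesDivergeOnlyAtZero() public {
        for (uint256 v = 0; v < 13; v++) {
            if (v == 0) assertTrue(_score(v, true) != _score(v, false));
            else assertEq(_score(v, true), _score(v, false));
        }
    }

    // Identical cards, different totals: 27 on one side, 17 on the other.
    function test_sameCardsDifferentTotals() public {
        uint256[] memory hand = new uint256[](3); // hand[0] stays 0
        hand[1] = 9;
        hand[2] = 8;
        assertEq(_total(hand, true), 27);
        assertEq(_total(hand, false), 17);
    }

    // Fuzz property: the skew is exactly ZERO_VALUE_SCORE per zero-valued card.
    function testFuzz_skewMatchesZeroCount(uint8[] memory raw) public {
        uint256[] memory hand = new uint256[](raw.length);
        uint256 zeros;
        for (uint256 i = 0; i < raw.length; i++) {
            hand[i] = raw[i] % 13;
            if (hand[i] == 0) zeros++;
        }
        assertEq(_total(hand, true) - _total(hand, false), zeros * ZERO_VALUE_SCORE);
    }
}
```

After the fix, the same differential loop pointed at the contract's real `playersHand` and `dealersHand` should find no card value on which they differ.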