TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Lack of Check for Player Winning or Push in Hit Function

eth0x

Summary

The hit function is for add new card to Player's hand.

There is the check for Player's bust. But there are not for push or win.

Vulnerability Details

The hit function lacks the necessary if statements to handle scenarios where the player either wins or the game results in a push. This omission can lead to improper game outcomes, as the conditions for a player's victory or a tie are not adequately addressed.

Having 21 points does not automatically conclude the game or guarantee a win for the player. To officially end the game, the call function must be invoked. Only after this function is executed can the game be concluded and the outcome determined.

Impact

The absence of if statements to handle winning and push scenarios impacts gas consumption. As a result, the player must invoke the call function to conclude the game properly. Only after this function is executed can the game officially end.

Tools Used

manual review

Recommendations

Please rethinking the protocol.

function hit() public {

require(

playersDeck[msg.sender].playersCards.length > 0,

"Game not started"

);

uint256 handBefore = playersHand(msg.sender);

// @audit low "User is bust" should be Player

require(handBefore <= 21, "Player is bust");

uint256 newCard = drawCard(msg.sender);

addCardForPlayer(msg.sender, newCard);

uint256 handAfter = playersHand(msg.sender);

if (handAfter > 21) {

emit PlayerLostTheGame("Player is bust", handAfter);

endGame(msg.sender, false);

// @audit here you can also take under consideration value of cards in the dealer's hands.

} else if (handAfter == 21) {

emit PlayerWonTheGame("Player hit 21 and wins!", handAfter);

endGame(msg.sender, true);

} else if (handAfter == dealersHand(msg.sender)) {

emit GamePush("Push: Both player and dealer have the same hand: ", handAfter);

endGame(msg.sender, false);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.