Summary

The documentation claims that the official blackjack rules are followed, but the contract does not correctly implement the rule that the dealer must stand on 17.

In the call function, the standThreshold is generated by adding a random value between 0 and 4 to 17, resulting in a value between 17 and 21.

However, due to this logic, if the standThreshold is greater than 17 (i.e., 18, 19, 20, or 21), the dealer will continue drawing cards even if the dealer already has 17. This violates the blackjack rule that requires the dealer to stop drawing cards and stand once the dealer reaches 17, as the dealer should not draw any more cards if the dealer's hand equals 17

Vulnerability Details

The problem occurs when uint256 standThreshold generates a value greater than 17. When executing while (dealersHand(msg.sender) < standThreshold), the dealer will continue drawing cards even though they should have stopped once their hand reaches 17.

This happens because the logic is configured to keep drawing cards until the dealer’s hand value is equal to or exceeds the standThreshold, which can cause the dealer to continue drawing even after reaching 17.

Impact

This issue completely alters the game's logic and breaks the official blackjack rules.

Here’s one example:

• The player stands with 17 and calls the function to have the dealer draw cards.

• The dealer generates a stand threshold of 21, then the dealer draws cards (e.g., 10 + 9), bringing their total to 19. According to blackjack rules, the dealer should stop here and win, but since the stand threshold is set to 21, the dealer is forced to continue drawing cards. Statistically, it would be extremely difficult for the dealer to draw a 2 to continue winning, which forces the dealer into an unrealistic situation.

Tools Used

Manual Review.

Recommendations

Change the entire logic of the function so that when the dealer's hand reaches a value greater than or equal to 17, they stand and the rest of the function executes to determine the result.