TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
Submission Details
Severity: high
Valid

Inconsistent Card Value Handling

Summary

The smart contract for the decentralized Blackjack game has inconsistent logic for calculating card values between the playersHand and dealersHand functions. This discrepancy can lead to unfair gameplay outcomes where the dealer's hand is incorrectly calculated, potentially favoring one party over another.

Vulnerability Details

In playersHand, a cardValue of 0 (e.g., representing Kings in modulo-13) is treated as 10 points:

if (cardValue == 0 || cardValue >= 10) {
    playerTotal += 10;
}

In dealersHand, a cardValue of 0 is not explicitly handled and defaults to contributing 0 points:

if (cardValue >= 10) {
    dealerTotal += 10;
}
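
The two branches above can be compared side by side with a differential check. The following is an added example, not code from the TwentyOne contract; it assumes cardValue = cardId % 13 and card ids 1..52, and the names CardScoring, ScoringDifferential, dealerPointsAsReported, countDivergentIds and scoreBothWays are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not code from the TwentyOne contract.
// Assumptions: cardValue = cardId % 13 and card ids run 1..52.
library CardScoring {
    // Single source of truth for card points (the playersHand rule).
    function points(uint256 cardId) internal pure returns (uint256) {
        uint256 cardValue = cardId % 13;
        if (cardValue == 0 || cardValue >= 10) {
            return 10;
        }
        return cardValue;
    }
}

contract ScoringDifferential {
    // Dealer rule as quoted in the report: cardValue 0 falls through and adds 0.
    function dealerPointsAsReported(uint256 cardId) public pure returns (uint256) {
        uint256 cardValue = cardId % 13;
        if (cardValue >= 10) {
            return 10;
        }
        return cardValue;
    }

    // Counts the card ids that the two rules score differently.
    function countDivergentIds() external pure returns (uint256 n) {
        for (uint256 id = 1; id <= 52; id++) {
            if (dealerPointsAsReported(id) != CardScoring.points(id)) {
                n++;
            }
        }
    }

    // Scores one hand under both rules so the gap can be asserted in a test.
    function scoreBothWays(uint256[] memory cards)
        external
        pure
        returns (uint256 playerRule, uint256 dealerRule)
    {
        for (uint256 i = 0; i < cards.length; i++) {
            playerRule += CardScoring.points(cards[i]);
            dealerRule += dealerPointsAsReported(cards[i]);
        }
    }
}
```

A non-zero result from countDivergentIds means the two hands are scored under different rules; routing both hands through one shared function removes that possibility.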

Impact

The bug introduces a fundamental flaw in the game's logic, causing unequal treatment between player and dealer hands. This could lead to unfair wins or losses for players.

Tools Used

Manual Review

Recommendations

Update the dealersHand function to handle cardValue == 0 similarly to playersHand:

- if (cardValue >= 10) {
+ if (cardValue == 0 || cardValue >= 10) {
dealerTotal += 10;
} else {
dealerTotal += cardValue;
}
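
Review bot: the condition on the `+` line, `cardValue == 0 || cardValue >= 10`, becomes a second hand-maintained copy of the check already in playersHand, and duplicated scoring logic of this kind is what let the two functions diverge. Consider moving the cardValue-to-points mapping into one internal helper that both playersHand and dealersHand call, and add a test asserting that both return the same total for the same cards, including a card with cardValue 0.
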
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Asymmetric calculation of hands is rigged in the player's favor.
