TwentyOne

Summary

The number of cards in the dealersHand function that yield a value of 10 is equal to 12, while in playersHand function it is 16, as in classic Blackjack.

Vulnerability Details

The dealersHand function uses a modulo operation with 13 to determine card values. Specifically, numbers 10, 11, 12, 23, 24, 25, 36, 37, 38, 49, 50, and 51 will yield a value of 10 due to the modulo 13 calculation. Numbers 13, 26, 39, and 52 will result in a value of 0. This means that there is roughly a 23.08% chance of drawing a card that will be valued at 10 according to the dealersHand function's logic.

But in the function playersHand numbers 13, 26, 39, and 52 will result in a value of 10 as its calculation math is different from dealersHand function.

This means that there is roughly a 30.77% chance of drawing a card that will be valued at 10 according to the dealersHand function's logic.

Impact

The dealer faces a reduced risk of receiving a high-value hand compared to players who draw cards normally. This decrease in the likelihood of obtaining a 10-value card subsequently lowers the dealer's chance of exceeding 21 and going bust .

While the exact difference may seem small, this subtle adjustment in probabilities can significantly impact the overall strategy andfairness of the game. Players should be aware of this discrepancy when making decisions based on the dealer's upcard or their own hand strength.

Tools Used

Manual code review.

Recommendations

To ensure a fair play in both dealer and player hands, the calculation math for function for determining card values should be identical for both parties. This ensures that neither the dealer nor the player has an unfair advantage in the game.