Missing Tie Condition in call() Function Outcome Logic
Summary
The call() function in the smart contract does not properly handle the case when the player's hand and the dealer's hand are equal. The function fails to address the tie scenario, which should result in a push (no winner or loser). As a result, the game incorrectly processes the outcome when both hands have the same value.
Vulnerability Details
In the call() function, the game checks if the player's hand is greater than the dealer's hand (else if (playerHand > dealerHand)). However, there is no explicit condition to handle the case when the player's hand is equal to the dealer's hand (playerHand == dealerHand). This omission leads to a situation where a tie is not accounted for, which is a valid outcome in Blackjack. Without this check, the game incorrectly assumes the player has lost when the hands are equal.
Impact
If both the player and dealer have the same hand value, the game will incorrectly process this as a loss for the player, as no check for a tie exists. This breaks the rules of Blackjack, where a tie should result in a push, meaning neither the player nor the dealer wins or loses. This can lead to unfair game outcomes and an inconsistent game experience.
Tools Used
Manual Code Review
Recommendations
To address this issue, a check should be added to handle the case when the player's hand is equal to the dealer's hand. In such a case, the game should recognize the tie and end with a push. The recommended fix is as follows:
This change will ensure that the game correctly handles ties between the player and the dealer.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.