TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
Submission Details
Severity: medium
Invalid

In the function `TwentyOne:drawCard`, when a card is picked, the possibility that the last number in the deck array is picked increases.

Description: When a card is picked, the function does the following:

  1. Puts the last card of the available cards array into the index of the picked card

  2. Removes the last card in the array

```solidity
availableCards[player][randomIndex] = availableCards[player][availableCards[player].length - 1];
availableCards[player].pop();
```

After doing this, the deck the card was picked from will contain a duplicate card, while the last deck of cards won't contain this card.

Impact: Manipulates or modifies the possibility that a card has of being picked in each deck of cards.

Proof of Concept:

Here is a visual example of the vulnerability:

  1. We have 4 card decks that look like this:

```
[ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ]
```

  2. Pick a random card and overwrite its index with the last element:

```
           picked                                                                remove
              ^                                                                     ^
[ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ]
              ^
              |---------------------------------------------------------------------|
```

  3. So the array will look like this:

```
[ 1 | 2 | 3 | 5 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 ]
```

We can see that in the first deck we have 2x the possibility of getting the 5, while in the last deck we have no possibility of getting it.

Recommended Mitigation:

  1. Just remove the picked card

  2. Make a function to divide the total cards into some card decks based on how many cards there are.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
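
The judgement gives only "Incorrect statement" as its reason. The following added example (not part of the submission or of the contract's code) models the two swap-and-pop lines on one flat array and checks what they do to the set of remaining cards. The 20-card deck reuses the PoC's numbers, and the function names are hypothetical.

```python
from collections import Counter
import random

def swap_and_pop(cards, index):
    """Model of the two Solidity lines: overwrite cards[index] with the
    last element, then pop. Returns the picked (removed) card."""
    picked = cards[index]
    cards[index] = cards[-1]   # no-op when index is already the last slot
    cards.pop()
    return picked

def poc_deck():
    # Constructed sample: the PoC's four "decks" stored as ONE flat array,
    # which is how availableCards[player] is indexed in the snippet above.
    return [1, 2, 3, 4, 5] * 4

def poc_step():
    """Replay the PoC: pick index 3 (the 4 in the first group)."""
    cards = poc_deck()
    picked = swap_and_pop(cards, 3)
    return picked, cards, Counter(cards)

def draw_all(seed):
    """Draw with uniform random indices until the array is empty."""
    rng = random.Random(seed)
    cards, drawn = poc_deck(), []
    while cards:
        before = Counter(cards)
        picked = swap_and_pop(cards, rng.randrange(len(cards)))
        # Invariant: the remaining cards plus the picked card give back
        # exactly the previous multiset, so nothing is duplicated or lost.
        assert Counter(cards) + Counter([picked]) == before
        drawn.append(picked)
    return drawn

if __name__ == "__main__":
    picked, cards, counts = poc_step()
    print("picked:", picked)
    print("array :", cards)
    print("counts:", dict(sorted(counts.items())))
    print("full draw returns every card once:",
          sorted(draw_all(1)) == sorted(poc_deck()))
```

After the PoC step the array holds four 5s and three 4s, the same count of 5s as before the draw; only the position of one 5 changed, and a uniform index over the flat array weights each value by its count, not its position.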
