TwentyOne
First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

The function `TwentyOne:drawCard`, when a card is picked, the posibilities that the last number on the array has to be picked, of the deck, increase.

fishy

Description: When a cards is picked the function do the following:

  1. Put the last card of the avalible cards array into the index of the picked card

  2. Removes the last cards in the array

availableCards[player][randomIndex] = availableCards[player][ availableCards[player].length - 1 ];
availableCards[player].pop();

Doing these, on the deck of the picked cards , Will be a duplicate cards while on the last deck of cards, won't be this card

Impact: Manipulates or modificates the posibilities that a card has to be picked on each deck of cards.

Proof of Concept:

Here you have visual example of the vulnerability

  1. we have 4 card decks that look like this:

[ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ]

  1. pick a random card and overwrite the last element on his index

picked remove
^ ^
[ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ]
^
|---------------------------------------------------------------------------|

  1. so the array will be like this:

[ 1 | 2 | 3 | 5 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 ]

we can see that on the first deck we have 2x posibilities to get the 5 while on the last deck we don't have posibilities to get this.

Recommended Mitigation:

  1. just remove the picked card

  2. make a function to divide the total cards in some card decks based on how many cards there are.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!