hunt-race-condition
CommunityRace the backend to prove double-spend.
System Documentation
What problem does it solve?
This Skill helps you find and validate race condition vulnerabilities where a server fails to make “check then act” operations atomic, allowing multiple concurrent requests to slip through.
Core Features & Use Cases
- Targets business-logic races: focus on limited-use actions like votes, coupons, invites, credits, payments, transfers, and deletion windows.
- Runs a parallel exploitation workflow: sets up synchronized multi-request attacks (e.g., HTTP/2 single-packet) to trigger double execution.
- Validates real impact: confirms the duplicated effect via state changes (balance/credits, counts, coupon status, or access outcomes) and measures reproducibility.
Use case: you suspect a coupon redeem endpoint or credit deduction flow is vulnerable, so you run parallel requests to demonstrate the same redeem action succeeds more than once, then document the exact timing and success rate.
Quick Start
Use the hunt-race-condition skill to race a suspected one-time endpoint (such as /redeem, /vote, or /checkout) with synchronized parallel requests and produce a reproducible validation that demonstrates duplicate state changes.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-race-condition Download link: https://github.com/AKasem1/claude-bug-bounty/archive/main.zip#hunt-race-condition Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.