$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: Payment gateway with tiered API access (Starter/Growth/Premium) based on account balance; promo code WELCOME50 gives $50 credit with non-atomic check-then-update redemption logic. Solution: TOCTOU race condition — 300 concurrent threads redeem the same single-use promo code before the 'already redeemed' flag is set, inflating balance from $45 to $545 to unlock Premium tier and access /api/admin/premium-config containing the flag.
Permission denied (requires tier.pro)
Sign in with GitHub or Discord to continue. No email required.
$sign in$ grep --similar