: The application carries out a set of operations (e.g., reducing the total order value).
The most common vulnerability pattern is Time-of-Check to Time-of-Use (TOCTOU), where a security check and the subsequent action are executed as separate operations. An attacker sends concurrent requests that interleave, causing the application to enter an inconsistent state. For example, consider a coupon redemption system that first checks if a coupon is unused, then applies the discount, and finally marks the coupon as used. An attacker sending multiple concurrent requests can cause all requests to pass the check before any reaches the marking step, resulting in multiple uses of the same coupon. race condition hackviser
HVthreads_are_not_atomic_2e6a9f