hunt-race-condition

Crown Jewel Targets

Race conditions are high-severity findings because they break financial, access control, and integrity assumptions that defenders rarely stress-test. Highest payouts come from:

  • Monetary/credit systems — double-spending gift cards, coupons, referral bonuses, promotional credits, wallet balances
  • Vote/reputation manipulation — upvoting the same content multiple times, gaming leaderboards or trending algorithms
  • Account limits bypass — exceeding free-tier quotas, bypassing "one per user" restrictions on invites, trial activations, or API key generation
  • Privilege escalation — racing role assignment or permission checks during user creation/upgrade flows
  • Deletion bypass — reading or exfiltrating data during a narrow window between "marked for deletion" and "actually deleted"
  • Payment flows — charging a card once but receiving multiple fulfillments

Best-paying asset types: Fintech apps, SaaS platforms with credit/subscription models, social platforms with reputation systems, e-commerce checkout flows, OAuth/SSO token endpoints.


Attack Surface Signals

Installs: 34
GitHub Stars: 2.6K
First Seen: May 24, 2026
hunt-race-condition — elementalsouls/claude-bughunter