๐Ÿ‡Race Conditions

What is a Race Condition

A race condition is a software vulnerability that occurs when multiple threads or processes access shared resources concurrently, potentially leading to unexpected behavior, data corruption, or security vulnerabilities.

Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to multiple distinct threads interacting with the same data at the same time, resulting in a "collision" that causes unintended behavior in the application. A race condition attack uses carefully timed requests to cause intentional collisions and exploit this unintended behavior for malicious purposes.

The period of time during which a collision is possible is known as the "race window". This could be the fraction of a second between two interactions with the database, for example.

Like other logic flaws, the impact of a race condition is heavily dependent on the application and the specific functionality in which it occurs.
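The race window between two database interactions, shown as an added example (not code from the original page): a check-then-update coupon redemption beside a version that checks and updates in one atomic statement. The `coupon` and `account` tables, the `SAVE10` code and all function names are constructed for illustration, and a barrier stands in for request timing so the collision is reproducible.

```python
import os, sqlite3, tempfile, threading

def new_db():
    # Constructed sample data: one unused coupon, one account with zero credit.
    path = os.path.join(tempfile.mkdtemp(), "shop.db")
    con = sqlite3.connect(path, isolation_level=None)
    con.executescript(
        "CREATE TABLE coupon(code TEXT PRIMARY KEY, used INTEGER);"
        "CREATE TABLE account(id INTEGER PRIMARY KEY, credit INTEGER);"
        "INSERT INTO coupon VALUES('SAVE10', 0); INSERT INTO account VALUES(1, 0);")
    con.close()
    return path

def redeem_vulnerable(con, code, window):
    # Interaction 1 checks, interaction 2 acts; the gap between is the race window.
    rows = con.execute("SELECT used FROM coupon WHERE code=?", (code,)).fetchall()
    if rows[0][0]:
        return False
    window()  # stands in for the time between the two database interactions
    con.execute("UPDATE coupon SET used=1 WHERE code=?", (code,))
    con.execute("UPDATE account SET credit=credit+10 WHERE id=1")
    return True

def redeem_hardened(con, code, window):
    window()  # the requests still arrive at the same moment
    # Check and act are one atomic statement: only one request flips used 0 -> 1.
    cur = con.execute("UPDATE coupon SET used=1 WHERE code=? AND used=0", (code,))
    if cur.rowcount != 1:
        return False
    con.execute("UPDATE account SET credit=credit+10 WHERE id=1")
    return True

def run_concurrent(redeem, requests=2):
    # Fire `requests` simultaneous redemptions; return (successes, final credit).
    path, results = new_db(), []
    barrier = threading.Barrier(requests)  # lines every request up at window()
    def worker():
        con = sqlite3.connect(path, timeout=10, isolation_level=None)  # autocommit
        results.append(redeem(con, "SAVE10", lambda: barrier.wait(timeout=10)))
        con.close()
    threads = [threading.Thread(target=worker) for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    con = sqlite3.connect(path)
    credit = con.execute("SELECT credit FROM account WHERE id=1").fetchone()[0]
    con.close()
    return sum(results), credit
```

`run_concurrent(redeem_vulnerable)` returns `(2, 20)` because both requests pass the check before either writes, while `run_concurrent(redeem_hardened)` returns `(1, 10)`.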
