Hacking GraphQL API Using Race Conditions
Introduction I have been using this platform for quite a few years. I will not be disclosing the platform’s name for obvious reasons. While using it, I discovered an interesting functionality related to in-game currency. Periodically, users are awarded a gift that, when claimed, grants them 10 coins. These coins can be used to acquire merchandise, premium subscriptions, and other benefits on the platform. I made a mental note of this feature and continued with my day, procrastinating.