# Limit overrun


Limit overrun race conditions are a type of race condition in web applications where an attacker exploits the timing of actions to exceed a restriction the application is meant to enforce (a one-time coupon, an account balance, a single vote). The vulnerability occurs when multiple requests are processed concurrently and each one passes the application's check before any of them has updated the state the check depends on, so the limit is bypassed or the application state is altered in unintended ways.

**A simple example:**

* A vulnerable webapp uses coupons that can be applied once to a cart before checkout.
* There is a small time delay between when the application checks that the coupon is valid and when it marks the coupon as used (invalid).
* An attacker could exploit this by sending multiple requests simultaneously so that all of them pass the validity check before the coupon is marked as used.

<figure><img src="/files/r1PtogKhOGOAZBTTebwC" alt=""><figcaption><p>Using the same voucher multiple times within the race window.</p></figcaption></figure>

Typical targets might include:

* Redeeming coupons multiple times
* Transferring funds in excess of the account balance
* Rating a product multiple times
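The coupon scenario above, as an added example that is not part of the original page: `redeem_racy` checks the coupon and only afterwards marks it used (the check-then-act gap the race exploits), while `redeem_atomic` does the check and the state change under one lock, and `redeem_sql` shows the database equivalent, a single conditional `UPDATE` whose affected-row count is the decision. `CouponStore`, the coupon code `SAVE10` and the `simulate` harness are constructed for this example; the barrier stands in for the processing window between check and write.

```python
"""Limit overrun in coupon redemption: check-then-act versus an atomic claim.

Constructed example. A threading.Barrier simulates the window between the
validity check and the state change so the race reproduces deterministically.
"""
import sqlite3
import threading
from concurrent.futures import ThreadPoolExecutor


class CouponStore:
    def __init__(self, codes):
        self._used = {code: False for code in codes}
        self._lock = threading.Lock()

    def redeem_racy(self, code, window=None):
        # Step 1: validate (read). Every concurrent request sees used == False here.
        if self._used.get(code) is not False:
            return False
        # Simulated gap (discount calculation, cart update, ...) before the write.
        if window is not None:
            window.wait()
        # Step 2: mark used (write). Too late: the other requests passed step 1.
        self._used[code] = True
        return True

    def redeem_atomic(self, code, window=None):
        # Check and state change happen under one lock, so the second request
        # already sees used == True. The gap afterwards no longer matters.
        with self._lock:
            if self._used.get(code) is not False:
                accepted = False
            else:
                self._used[code] = True
                accepted = True
        if window is not None:
            window.wait()
        return accepted


def simulate(method_name, code="SAVE10", requests=5):
    """Fire `requests` concurrent redemptions; return how many were accepted."""
    store = CouponStore([code])
    window = threading.Barrier(requests)
    redeem = getattr(store, method_name)
    with ThreadPoolExecutor(max_workers=requests) as pool:
        results = list(pool.map(lambda _: redeem(code, window), range(requests)))
    return sum(results)


def redeem_sql(conn, code):
    # One conditional UPDATE: the database tests `used = 0` and flips it in the
    # same statement, so two requests cannot both observe an unused coupon.
    cur = conn.execute(
        "UPDATE coupons SET used = 1 WHERE code = ? AND used = 0", (code,)
    )
    conn.commit()
    return cur.rowcount == 1  # rowcount 0 means someone else claimed it first


def sql_demo(code="SAVE10", attempts=3):
    """Redeem the same coupon several times through the atomic UPDATE path."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE coupons (code TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0)"
    )
    conn.execute("INSERT INTO coupons (code) VALUES (?)", (code,))
    conn.commit()
    return sum(redeem_sql(conn, code) for _ in range(attempts))


if __name__ == "__main__":
    print("racy   :", simulate("redeem_racy"), "redemptions of one coupon")
    print("atomic :", simulate("redeem_atomic"), "redemption of one coupon")
    print("sql    :", sql_demo(), "redemption via conditional UPDATE")
```

The in-process lock is only a stand-in: on a real deployment with several application instances, the lock has to live where the state lives, which is why the conditional `UPDATE` (or `SELECT ... FOR UPDATE` inside a transaction) is the pattern to look for when reviewing an endpoint from the checklist below.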

### Other learning resources:

* PortSwigger's Web Security Academy: <https://portswigger.net/web-security/race-conditions>

### Writeups:

* <https://hackerone.com/reports/759247>

### Checklist:

* [ ] Identify potentially vulnerable endpoints:
  * [ ] Impacts security
  * [ ] Collision potential

