[Reddit] Race Condition Allowing a User to Receive More Coins Than Purchased

We discussed this vulnerability during Episode 95 on 01 November 2021

When purchasing coins for Reddit on Android there is a call to a /verify_purchase endpoint which is vulnerable to a race condition. The idea is that this endpoint, given some of the transaction information, validates it and credits the coins to the purchaser; the problem is in how it handles multiple concurrent requests. Several threads can enter the “add coins” area of the code for a single transaction. This is fundamentally a “Time-of-Check Time-of-Use” (TOCTOU) style issue. In Reddit’s codebase there is likely some code similar to the following:

def verify_purchase(transaction_id):
    transaction = lookup_transaction(transaction_id)
    if not transaction.finalized:          # time of check
        # window: a concurrent request can still read finalized == False here
        give_user_coins(transaction.purchaser, transaction.coin_amount)
        finalize_transaction(transaction)  # time of use

The issue is that, without any synchronization between threads, multiple requests can pass that if statement before any of them has reached the finalize_transaction call, so each of them gives the user coins. The fix is to make the check and the state change a single atomic operation (for example a conditional update that marks the transaction finalized and only credits coins if that update actually changed a row) rather than a read followed by separate writes.
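The following is an added example, not Reddit's code, that reproduces the race against a constructed in-memory ledger (the CoinLedger, Transaction and claim_transaction names are assumptions made here). It runs the vulnerable check-then-credit handler and a hardened handler under the same worst-case scheduling: a threading.Barrier holds every request inside the window after the non-atomic check, so the interleaving is deterministic rather than luck-dependent. The hardened handler claims the transaction with an atomic check-and-set, which in a real service would be a conditional UPDATE (WHERE finalized = 0) with a rowcount check, or a row lock held across check and credit.

```python
import threading
from dataclasses import dataclass


@dataclass
class Transaction:
    transaction_id: str
    purchaser: str
    coin_amount: int
    finalized: bool = False


class CoinLedger:
    """Constructed stand-in for the purchase and balance tables (assumption)."""

    def __init__(self, transactions):
        self.transactions = {t.transaction_id: t for t in transactions}
        self.balances = {}
        self._lock = threading.Lock()

    def lookup_transaction(self, transaction_id):
        return self.transactions[transaction_id]

    def give_user_coins(self, user, amount):
        # The balance increment itself is made atomic; it is not the bug under study.
        with self._lock:
            self.balances[user] = self.balances.get(user, 0) + amount

    def finalize_transaction(self, transaction):
        transaction.finalized = True

    def claim_transaction(self, transaction_id):
        """Atomic check-and-set, the in-memory equivalent of
        UPDATE transactions SET finalized = 1 WHERE id = ? AND finalized = 0
        followed by checking that exactly one row changed.
        Returns True for precisely one caller per transaction."""
        with self._lock:
            t = self.transactions[transaction_id]
            if t.finalized:
                return False
            t.finalized = True
            return True


def verify_purchase_vulnerable(ledger, transaction_id, in_window=lambda: None):
    # Mirrors the pseudocode above: check, then credit, then finalize.
    transaction = ledger.lookup_transaction(transaction_id)
    if not transaction.finalized:            # time of check
        in_window()                          # scheduling hook: every thread parks here
        ledger.give_user_coins(transaction.purchaser, transaction.coin_amount)
        ledger.finalize_transaction(transaction)   # time of use
        return True
    return False


def verify_purchase_fixed(ledger, transaction_id, in_window=lambda: None):
    # Same cheap pre-check and same window, but the decision to credit is made
    # by the atomic claim, so only one request can win no matter how they interleave.
    transaction = ledger.lookup_transaction(transaction_id)
    if transaction.finalized:
        return False
    in_window()
    if not ledger.claim_transaction(transaction_id):
        return False                         # another request already finalized it
    ledger.give_user_coins(transaction.purchaser, transaction.coin_amount)
    return True


def race(handler, concurrency=8):
    """Fire `concurrency` verify calls for one 500-coin purchase at once.
    The Barrier releases only once every thread has passed the non-atomic check,
    i.e. the worst case the attacker is trying to hit with parallel requests.
    Returns (purchaser's final balance, number of requests that credited coins)."""
    ledger = CoinLedger([Transaction("txn-1", "alice", 500)])   # constructed purchase
    barrier = threading.Barrier(concurrency)
    results = []

    def worker():
        results.append(handler(ledger, "txn-1", in_window=barrier.wait))

    threads = [threading.Thread(target=worker) for _ in range(concurrency)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return ledger.balances.get("alice", 0), sum(results)


if __name__ == "__main__":
    print("vulnerable:", race(verify_purchase_vulnerable))   # every request credits
    print("fixed:     ", race(verify_purchase_fixed))        # exactly one credits
```

Against a live target the barrier is replaced by sending the same /verify_purchase request many times in parallel; the barrier simply makes the lab reproduction of that timing deterministic. Note that the hardened version deliberately keeps the non-atomic pre-check to show that it is harmless once the credit depends on claim_transaction rather than on the earlier read.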