Code that passed review. Crashes in production.
Real bugs from real codebases — the kind that look fine in dev, sail through code review, and only surface under load or in edge cases. Spot the bug, get the full breakdown in your inbox.
Five bugs, one assumption: it works on your machine.
Filter by difficulty or category. Each card shows a code preview — full solution lands in your inbox after you submit your guess.
The WebSocket That Won't Forget
This WebSocket handler looks clean but will slowly consume all your memory.
const WebSocket = require('ws');
const EventEmitter = require('events');
const notifications = new EventEmitter();
const wss = new WebSocket.Server({ port: 8080 });
The Connection Pool That Never Releases
This query function works perfectly in testing but will bring down production.
const { Pool } = require('pg');
const pool = new Pool({
max: 20,
connectionTimeoutMillis: 5000,
});
The Security Hole in String Comparison
This auth check leaks one byte at a time. Enough requests, your signing key is gone.
const crypto = require('crypto');
function verifySignature(token, secret) {
const [header, payload, signature] = token.split('.');
// Recreate the signature
const data = `${header}.${payload}`;The Race Condition in Your Cache
This caching logic seems bulletproof but has a subtle race condition.
class UserCache {
constructor() {
this.cache = new Map();
}
async getUser(userId) {
// Check cache firstThe Memory Leak That Passed Code Review
This Node.js stream implementation looks fine but will crash your server under load.
const http = require('http');
const fs = require('fs');
const server = http.createServer((req, res) => {
const filePath = './large-file.pdf';
// Stream the file to the responseHow the challenge format works.
No login, no streaks, no leaderboard. Just real bugs and real solutions.
Each challenge is a real piece of code that passed code review at some point. Look for what's missing, what's assumed, what breaks at scale.
Drop your email and a short answer. No grading — just a way to compare your read against the actual root cause.
Solution lands in your inbox: what's wrong, why it passed review, the fix, and why the fix matters. Plus the next challenge when it drops.
New challenge every 2 weeks.
Production bugs, code review traps, performance gotchas. Short, technical, no fluff. ~5 min reads.