The Underhanded C Contest
The Underhanded C Contest was a programming competition in which participants wrote short, seemingly innocent C code that actually performed malicious or unexpected actions, testing their ability to hide subtle flaws in plain sight.
Background
- The Underhanded C Contest was a programming challenge (2005–2019) where participants wrote C code that appeared honest and correct but secretly performed malicious or unexpected behavior — testing the ability to hide exploits in plain sight.
- It highlighted how hard it is to write safe, auditable C code even when reviewers are actively looking for tricks, foreshadowing real-world vulnerabilities in critical systems (e.g., open-source libraries, firmware, encryption software).
- Each year had a theme: spoofing election results, hiding backdoors in image processing, cheating at poker, etc. Winning entries used subtle abuses of integer overflow, undefined behavior, preprocessor macros, or misleading formatting.
- The contest was founded by Scott Craver, an engineer at Boeing and later a professor at Binghamton University. It ended after the 2019 edition, as the community felt compiler optimizations exploiting undefined behavior had made the challenge too easy — and too much like real-world exploit writing.
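To make the integer-overflow class named in the list above concrete for reviewers, here is an added example (not a contest entry and not code from the original page): a bounds check that reads as correct but wraps, next to a form that cannot. The function names, the 64-byte capacity and the input table are assumptions constructed for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 64u /* constructed capacity, an assumption for this example */

/* Reads as "offset + len stays inside the buffer", but unsigned addition
 * wraps modulo UINT_MAX + 1, so a very large len makes the sum small again. */
int range_ok_naive(unsigned offset, unsigned len)
{
    return offset + len <= BUF_SIZE;
}

/* Hardened form: never compute the sum; compare len to the space left. */
int range_ok_checked(unsigned offset, unsigned len)
{
    if (offset > BUF_SIZE)
        return 0;
    return len <= BUF_SIZE - offset;
}

/* Constructed boundary inputs of the kind a reviewer should try. */
static const struct { unsigned offset, len; } cases[] = {
    { 0u, 64u },            /* exactly fills the buffer */
    { 60u, 4u },            /* ends on the last byte */
    { 60u, 5u },            /* one byte past the end */
    { 64u, 0u },            /* empty range at the end */
    { 16u, UINT_MAX - 7u }, /* sum wraps to 8 */
    { 1u, UINT_MAX },       /* sum wraps to 0 */
    { UINT_MAX, 1u },       /* sum wraps to 0 */
};

/* Number of inputs the naive check accepts but the hardened one rejects. */
int count_disagreements(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (range_ok_naive(cases[i].offset, cases[i].len) &&
            !range_ok_checked(cases[i].offset, cases[i].len))
            n++;
    return n;
}

int main(void)
{
    printf("wrapped ranges accepted by the naive check: %d\n",
           count_disagreements());
    return 0;
}
```

The two checks agree on every in-range input, so only boundary values near `UINT_MAX` expose the difference.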