About

The Underhanded C Contest is an annual contest to write innocent-looking C code implementing malicious behavior. In this contest you must write C code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should perform some specific underhanded task that will not be detected by examining the source code.

Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

C is an ideal language for this contest because of both its universality and its ability to do horrible things. C lets you overwrite stack entries, screw up function pointers, and poison all data at the bit level. C nods encouragingly as you attempt to execute a floating point array. In terms of enforcing program correctness, your typical C compiler is basically the two guards from Swamp Castle in Monty Python and the Holy Grail.

This contest goes for about 3 months every year. The prize was originally a case of beer, which was a huge mistake (the original submissions all came from outside the US.) Now it is a gift certificate to ThinkGeek.com. For the 2015 contest, however, the Nuclear Threat Initiative has generously donated a prize of $1000.