OWASP TimeGap Theory is an auto-scoring capture-the-flag game. Unlike other CTFs, TimeGap theory focuses only on TOCTOU vulnerabilities. Until the release of TimeGapTheory, WebGoat was the only project where people could try out thread-safety issues. On top of that, there was only one challenge there. TimeGap Theory comes with 7 unique challenges.
We're yet to disclose the best part. All challenges in TimeGap Theory can be solved by using browser dev tools. This means no need for fiddling with proxy setup. Setting up the TimeGap theory lab is also very easy. You can either issue a docker command or just do a one-click install on Hadoop to get the lab running.
TimeGap Theory is free and open-source. This means all these amazing stuff are going to cost you exactly ZERO money. On top of that, you get books, videos, and even a support channel on Slack channel in case you get stuck on the TOCTOU journey.