: This program has a code problem.

 : The code where the vulnerability exists is in the followed section.

 // calculate lotto score
 int match = 0, j = 0;
 for(i=0; i<6; i++){
  for(j=0; j<6; j++){
   if(lotto[i] == submit[j]){
    match++;

In this part, even if only one out of six is matched by the for statement, the match can be increased to 6.


Note that the value of submit[6] in this program is character variables.
Since lotto ranges from 1 to 45, player can input one of the characters from 33 to 45 six times.