1. Put your attack in contract's constructor to spam for airDrop.
2. Create a contract with address end with 0x43 to get the flag.

We did not solve the challenge in time, but I've done it. The writeup is in Vietnamese. I will try to write in English next time.

Original writeup (https://minhtt159.wordpress.com/2018/11/29/bctf-2018-blockchain-is-fucked-up/).