tldr: lots of patching to convert calls and `__cxa_throw` calls. City data is stored in an array, you can collide this with the operation stack during a compute_time call and corrupt an object. Cities are stored as a sorted binary tree and you can get it to treat the flag data as a city and then leak this information.

Full writeup: [https://ctf.harrisongreen.me/2020/googlectf/exceptional/](https://ctf.harrisongreen.me/2020/googlectf/exceptional/)

Original writeup (https://ctf.harrisongreen.me/2020/googlectf/exceptional/).