Challenge has multiple vulnerabilities.
There's a format string vulnerability and a stack overflow via memcpy inside the "Show Scoreboard" function.
In my exploit I used the stack overflow with no canary and a full ROP since the binary was statically compiled.

Original writeup (https://github.com/uafio/git/blob/master/scripts/bioterraCTF-snake32.py).