Basically, the load balancer for other challenges had a bug (CVE-2022-23632) where if you used an FQDN, you could bypass mutual TLS and access the backend directly to bypass cloudflare. There was also an alternative solution involving cloudflare class E pseudo IPv4 addresses.

See https://blog.bawolff.net/2022/07/write-up-dicectf-2022-flare-and.html for full discussion

Original writeup (https://blog.bawolff.net/2022/07/write-up-dicectf-2022-flare-and.html).