Tags: pwn
Rating:
Open the executable in hydra and examine the code.
![code](https://i.ibb.co/rFC0d1v/photo-2022-10-01-14-07-29.jpg)
You can see that when buying flags, number_of_flags and account balance vars is used, This vars are <uint> type, so we can try to buy an unrealistic number of flags for an amount greater than 4,294,967,295 (2^32 is max value of uint).
When account_balance variable overflows, it becomes negative. Finally, we buy a large number of flags for a negative price and get money to buy a second flag. A more detailed process is described here https://en.wikipedia.org/wiki/Integer_overflow
In my case, I bought 100,000,000 (100kk*1000 > 4.2kkk) flags and received enough money on my account to buy second flag :)