Besides the bug targeted by the NameServiceBank challenge, there is another logical flaw in the NAME_SERVICE_BANK contract that allows an attacker to steal the funds of a user whose username was set with a non-zero obfuscation degree. This logical bug is independent of the Solidity version, meaning the vulnerability exists regardless of the compiler used. It could be interesting to create a new NameServiceBank2 challenge that exploits this specific bug.
I can discuss the details offline.
Besides the bug targeted by the
NameServiceBankchallenge, there is another logical flaw in theNAME_SERVICE_BANKcontract that allows an attacker to steal the funds of a user whose username was set with a non-zero obfuscation degree. This logical bug is independent of the Solidity version, meaning the vulnerability exists regardless of the compiler used. It could be interesting to create a newNameServiceBank2challenge that exploits this specific bug.I can discuss the details offline.