SwampCTF 2024 Web: Potion Seller Writeup

CTF link.

My potions would kill you, traveler. You cannot handle my potions.

The app allows users to borrow gold, buy potions, and pay back the borrowed gold. To get the flag, we need to go through the following steps.

Borrow gold using the /borrow URL: The user must borrow a certain amount of gold by calling the /borrow URL.

Buy SwampShade Potion with the /buy route: The user must purchase the SwampShade Potion by calling the /buy route. This route checks the amount of gold the user has available and the price of the potion to be purchased. We need to set id to 4 so we can access the flag.

We check the debt with stats, then pay back the borrowed gold using the /repay route.

Repay borrowed gold using the /checkout route: The user must repay the borrowed gold by calling the /checkout route. This route checks whether the user has purchased the SwampShade Potion. If the SwampShade Potion was purchased, the flag is sent to the user.
