Solution.md

Denial

The goal of this level is to prevent the owner from withdrawing funds from Denial when they call the function withdraw(). The issue with the withdraw() function is that it is vulnerable to DoS attacks, hence why the level is named "Denial". The function setWithdrawPartner() is public, allowing anyone to call the function and become a partner. Once we are a partner, we can call withdraw(). The withdraw() function makes two external calls: to the partner address and the owner address, transferring 1% of Ether to each. This is problematic insofar as the partner address is called first without any sort of return check or specified gas value. Without a specified gas value, call() forwards all the gas along with the call. Here, we could consume that gas in a fallback() or receive() function when we receive the funds. This would drain all the remaining gas and prevent further execution.

To pass this level, simply deploy the AttackDenial contract in AttackDenial.sol, passing in the instance address to the constructor(). This sets your smart contract's address as a partner and consumes any gas forwarded to it once it receives funds.
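
A hardened form of the payout logic described above, as an added example; it is not the level's contract or this repository's AttackDenial.sol. The contract name HardenedDenial, the PARTNER_GAS value and the PartnerPaymentSkipped event are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical names): withdraw() with a bounded partner call.
contract HardenedDenial {
    address public partner;
    address public immutable owner;

    // Assumed cap: enough for a simple receive(), far too little to starve
    // the rest of withdraw(). Tune to what a legitimate partner needs.
    uint256 private constant PARTNER_GAS = 10_000;

    event PartnerPaymentSkipped(address indexed partner, uint256 amount);

    constructor(address _owner) {
        owner = _owner;
    }

    // Still public, as in the level: anyone can register as partner.
    function setWithdrawPartner(address _partner) external {
        partner = _partner;
    }

    function withdraw() external {
        uint256 amountToSend = address(this).balance / 100;

        // Weak form described in the text: the partner is called first with
        // no gas value and no return check, so it can burn the forwarded gas:
        //     partner.call{value: amountToSend}("");
        //
        // Hardened form: the partner can waste at most PARTNER_GAS (plus the
        // call stipend), so the owner payment below still has gas to run.
        (bool partnerPaid, ) = partner.call{value: amountToSend, gas: PARTNER_GAS}("");
        if (!partnerPaid) {
            // The value stays in this contract; the failure is made visible
            // instead of being silently ignored.
            emit PartnerPaymentSkipped(partner, amountToSend);
        }

        // The owner's share no longer depends on the partner's behaviour.
        (bool ownerPaid, ) = owner.call{value: amountToSend}("");
        require(ownerPaid, "owner payment failed");
    }

    receive() external payable {}
}
```

A pull-payment design, where the partner claims its share in a separate transaction, removes the untrusted call from withdraw() entirely.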