The first solution I came up with is exactly as yours, but I tested the edge case of sending a 1million gas from the attacker function into the withdraw() of the Denial contract, and this solution seems not to fit for this case, my guess is because the while(){} consumes all the gas of the second call() execution, (the one from the Denial service into the Attacker contract), but when the execution comes back to the denial contract, it still has a tons of gas, and the call to transfer funds to the owner still works....

I was just curious to test if the solution worked for the 1m gas because the challenge description states: "If you can deny the owner from withdrawing funds when they call withdraw() (whilst the contract still has funds, and the transaction is of 1M gas or less)"

Any thoughts about this?