I'm really confused why people bring this up. You're not the only one, so I don't blame you in particular, but it's still strange to me. One of the key elements of CFAA is "without authorization" -- it's literally in the first sentence.
Given that the explicit, stated purpose of these types of challenges (of which there are many, many other examples (https://ctftime.org/)) is to be backed, it'd be pretty weird to think someone could be charged under CFAA for it.
Given that the explicit, stated purpose of these types of challenges (of which there are many, many other examples (https://ctftime.org/)) is to be backed, it'd be pretty weird to think someone could be charged under CFAA for it.