Vulnerability for Puzzle#2: Relay attack. In Puzzle#1, somebody have sent a tx with whose <SHA256 of subscribed email> in the unlock script.
VERIFICATION FAILED: When I tried to verify this vulnerability. I found the have changed oracle's PubKey this month. Crackers cannot replay signature. They can only replay mail hash
Errata: Relay attack -> Replay attack.
Related txs can be found at address bitcoincash:prjjuwfpym5macvx90rxnnkfw5v8asgvxgytk8pf0t.
By decoding the old unlock script, it's easy to get the SHA256s of subscriber emails who have solved Puzzle#1. Then cracker can calculate the P2SH address of each subscriber's fund.
SHA256(subscriber email who have solved Puzzle#1) have been leaked in Puzzle#1 related transactions' unlocking scripts.
And finally steal the funds haven't been claimed with the help of oracle.
