VERIFICATION FAILED: When I tried to verify this vulnerability. I found the have changed oracle's PubKey this month. Crackers cannot replay signature. They can only replay mail hash
By decoding the old unlock script, it's easy to get the SHA256s of subscriber emails who have solved Puzzle#1. Then cracker can calculate the P2SH address of each subscriber's fund.