The vulnerability of the attack lies in the incorrect integer division issue when destroying deposit certificates, but the hacker did not anticipate that "the mantis stalks the cicada, unaware of the oriole behind."