[Sniffnoy]

It's much simpler than that. (Also, you appear to have a few concepts mixed up. For instance, one doesn't execute smart contracts, but rather transactions. Smart contracts just sit there until someone sends a transaction to one, at which point it executes that transaction.)

What the bot does is that it checks each transaction that is waiting to be executed and simulates sending that transaction itself on a private blockchain forked from the real network. If the simulation results in a profit, it frontruns that transaction -- i.e., it sends the transaction itself for real, but bidding a higher price than the original sender did, so that its transaction will get executed rather than the the original transaction it's copying.

It doesn't need to perform any sort of vulnerability scan; it just mimics other people exploiting arbitrage or vulnerabilities and pays more to get there first.

Similarly, it doesn't need to adjust any destination addresses. It's just looking for arbitrage opportunities or vulnerabilities that will direct ether to the sender. Smart contracts are entirely capable of getting the address of the message sender, and using that as a destination to send ether to. So the bot doesn't need to adjust the transaction data at all, which would be substantially more complicated.