He doesn't really provide an analysis of the attack for all the existing upfront fee proposals which kind of implies this is a vulnerability regardless of the upfront fee design?

There are least 4 upfront fee proposals here: https://github.com/t-bast/lightning-docs/blob/master/spam-prevention.md