How to understand the argument “if the adversary outputs x then it queries (a, x) to oracle”？

When I read the work of Dodis et al. ref1, it looks as if I have encountered a simple logical bug. (I'm not concerned with the details of secure proof techniques, but with the logic of reasoning.)

In this article, Dodis et al. demonstrate the one-way security of ROM-AI (ROM with auxiliary information). The core idea is to first consider event A, which means "the attacker has accessed the oracle (a,x1)", where 'a' means a salt. Then, through a series of proof techniques, it was proved that Pr[A] is less than a specific quantity \epsilon.

And the point came: After completing the above steps, the author argues that if the attacker can correctly recover x1 in O(a,x1), it indicates that the attacker has previously accessed the oracle (a,x). Since Pr[A] is less than a specific quantity (event A means "the attacker has accessed (a,x)"), the attacker's win rate (reverting x1) in the game is less than \epsilon.

Is this logic correct? The attacker can attack in a variety of ways, and it is possible that he can recover x1 without accessing it to Oracle at all. Isn't his logic wrong in this way?

Let me re-phrase the sentence that you quoted:

Suppose you are given an algorithm $A_1$ with some property. Use this $A_1$ to design another algorithm $\hat A_1$ with the following behavior: $$ \begin{array}{l} \underline{\hat A_1^{\mathcal O}(st,a,y):} \\ \text{run}~x \gets A_1^{\mathcal O}(st,a,y) \\ \text{query}~\mathcal{O}(a,x) \end{array} $$ If $A_1^{\mathcal O}(st,a,y)$ outputs the "correct" $x$ with probability $\epsilon$, then $\hat A_1^{\mathcal{O}}(st,a,y)$ queries its oracle at the "correct" $(a,x)$ also with probability $\epsilon$. Also, $\hat A_1$ makes at most one more oracle query than $A_1$ does.

Corollary 3 from that paper bounds the probability that such an algorithm $\hat A_1$ could query its oracle at $(a,x)$. Thus, Corollary 3 bounds the probability that $A_1$ could output the correct $x$.