Good catch! This is the in flight transaction attack which is addressed with limbo exits that are outlined here: Reliable Exits of Withheld In-flight Transactions ("Limbo Exits") – and here’s another post worth taking a look at Limbo Exits and Challenging Fraudulent Exits