[Low] XDM - Delay in XDM message execution allows opportunistic attacks on src/dst chain

[mmostafas]

Issue Description

An XDM message is not executed on the destination chain (dst_chain) until the domain block of the source chain (src_chain_id) containing the originating extrinsic is out of the challenge period or has reached archiving depth. This delay allows a malicious actors to exploit the pending status of the XDM message to leverage different types of attacks.

Risk

The delay in executing XDM messages can lead to opportunistic attacks such as front-running.

Mitigation

As we do not see an immediate solution for these issues, we recommend raising awareness about the presence of such threats in the ecosystem to better protect users.

[NingLin-P]

An XDM message is not executed on the destination chain (dst_chain) until the domain block of the source chain (src_chain_id) containing the originating extrinsic is out of the challenge period or has reached archiving depth.

Not really, the XDM is only relay to the dst chain after the domain block of the source chain (src_chain_id) containing the originating extrinsic is out of the challenge period, and the XDM contains necessary proof to prove for the dst chain that it is indeed confirmed in the source chain.