yeah, that’s the problem. Take the lottery Dapp as an example. When you try to claim the rewards in slot n, you are gonna use the slot n randao value which actually has been revealed to all users before slot n.
Cuz, users just need to calcuate the value according to PREVRANDAO[n] = PREVRANDAO[n-1] XOR (SHA256(RANDAO_REVEAL(n-1)).
Attackers just need to wait for the right randao value to claim the lottery rewards for sure.
That’s why the RANDAO(n) function is indispensable for security in my opnion.