At risk of what? You just consider the invoice paid unless it officially expires. What is the real concern with play attacks? I thought it was that the receiver could arbitrarily play the transaction far in the future after claiming it failed? Just forbid canceling the transaction unless it’s expired (and shorter expiration times could be used for invoices, if necessary).