Eric could allow those initial three messages to pass unmolested. In this case Alice and Bob now have an authenticated connection and Eric is unable to read or modify their messages. So I suppose you don't mean that.
What if Eric just substitutes his own message for Alice's in step 1? He provides his own parameters. Since these were not Alice's parameters, Alice will not provide an acceptable Digest for the conversation, the parameters Eric sent to Bob are different and do not match the transcript, the connection is terminated.
What if Eric substitutes Bob's only message in step 2? He provides his own parameters, and he can respond with a transcript digest for this alternate conversation. Now in fact the TLS 1.3 connection exists as normal, but it is between Alice and Eric. We're actually fine! We have a properly authenticated connection, with unidentified participants (we know they're Alice and Eric but Alice and Eric don't know that). Bob's connection fails, or he is unaware that Alice tried to connect.
Finally if Eric waits until Alice's second message in step 3, no message Eric knows how to construct is satisfactory. Only Alice's original message will work, other messages cause the connection to fail because Bob will not accept them.
Or, imagine that there isn't even one legitimate Bob in the world. But Alice is still talking to someone who follows the protocol, and is indistinguishable from a real Bob. Is that possible?
For Alice there's no difference between a Bob whose identity you don't know and an Eric whose identity you don't know, they're each just another anonymous party.
Eric can't fool Alice and Bob into believing they're talking to each other, because they're using separate channels and identity systems will bind to the channel. Suppose Bob provides his identity, that's bound to the Eric-Bob channel, when Eric copies it to the Eric-Alice channel it's just obviously fraudulent, he could have made his own fraudulent claim of Bob's identity just as easily.
