If you have defined a way to detect misbehavior, it means there are out-of-circuit checks for S, and adding a description would be beneficial. Otherwise, exposing anything in instances without out-of-circuit checks could be pointless in my opinion.
The detection appears specific to this app and not universal for validators. I’m curious who is responsible detecting misbehaviour? Likely not the receivers. If receivers must decide if the receiving is valid after the transaction is complete, we gain little benefit from signature verification in circuits since receiver involvement is still required.
Yeah, you are right. I didn’t want to explicitly add it to the post to avoid extending the scope of it (and avoid thinking about this stuff haha)
If we are assuming receive logics distributed semi-privately, anyone can detect misbehaviour. Perhaps, there are might be services for that the user trusts.
There is a long-term benefit in that (the sender still cannot use just any logic, only an outdated one).
Perhaps another solution based on some key hierarchy (where any signature signed by key X is okay, but if we want to update the logic, we update the key as well) could make sense, but I didn’t explore that much.