Guarantees for ensure clauses with malicious participants

Usually, Daml users expect that the ensure clause holds for every active contract because it’s checked at creation time. However, because it’s only checked at creation time, I’m wondering what guarantees we get in the presence of malicious submitters. Consider this case:

1. Party A is hosted on participant PA, Party B is hosted on participant PB.
2. Party A hacks their participant to allow creation of a contract they’re the only stakeholder on which violates the ensure clause.
3. Now Party A submits a transaction that fetches that contract and that fetch is divulged to participant PB (because B is a witness).

Does participant PB check that the ensure clause holds as part of model conformance and reject that transaction or is it accepted?

The current Canton implementation has the documented limitation that the submitting participant is honest, so this question is a bit outside of the currently provided scope. Long-term, the virtual shared ledger contains only model-conformant actions and ensures clauses are included in model conformance. So if party B is honest, it will not see a contract on the ledger that violates the ensures clause. Implementation-wise, PB will check the ensures clause.

Thank you!