Changing a little on the interface. We don’t actually need to pass in a proof for the isValid function to be executed; it could just use the oracle in there. Meaning that we only need to check the transfer_call if following my example from earlier. That makes it independent of the specific implementation of isValid in the given account contract, so it also makes it easier to build the integrations.
@spalladino, if we have transient storage I think we can do something neat to make sure that an is_valid that you gave to someone else cannot be replayed.
As part of the payload at the entrypoint we have a nonce; if we store this nonce in transient storage, the nonce can be part of the input to the validation in is_valid, meaning that it won’t be replayable. If you need it to be set by someone else, you could potentially have a function that is not static where the nonce is set, etc.
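A toy Python model of the replay protection described in the post above, added here as an illustration and not code from the thread or from any account contract implementation. Assumptions: HMAC stands in for the owner's signature, a dict stands in for the oracle, the entrypoint nonce is single-use, and `Account`, `authorize`, `transfer_from` and `demo` are hypothetical names.

```python
import hashlib
import hmac

class Account:
    """Toy account contract; HMAC stands in for the owner's signature scheme."""
    def __init__(self, key, oracle):
        self._key = key            # owner secret (assumption: symmetric stand-in)
        self.oracle = oracle       # untrusted witness source consulted by is_valid
        self.used_nonces = set()   # persistent: an entrypoint nonce is single-use
        self.transient = {}        # transient storage, wiped after each transaction

    def authorize(self, call, nonce):
        """Owner-side: witness binding `call` to the transaction carrying `nonce`."""
        msg = call + nonce.to_bytes(8, "big")
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def entrypoint(self, nonce, action):
        if nonce in self.used_nonces:
            raise ValueError("nonce already used")
        self.used_nonces.add(nonce)
        self.transient["nonce"] = nonce
        try:
            return action()
        finally:
            self.transient.clear()

    def is_valid(self, call):
        """No proof argument: witness from the oracle, transient nonce mixed in."""
        nonce = self.transient.get("nonce")
        witness = self.oracle.get(call)
        if nonce is None or witness is None:
            return False
        return hmac.compare_digest(witness, self.authorize(call, nonce))

def transfer_from(account, call):
    if not account.is_valid(call):  # the token checks only the call itself
        raise PermissionError("not authorized by account")
    return "transferred"

def demo():
    call = b"transfer(alice -> bob, 10)"   # constructed sample call
    alice = Account(b"constructed-demo-key", {})
    alice.oracle[call] = alice.authorize(call, nonce=1)
    first = alice.entrypoint(1, lambda: transfer_from(alice, call))
    try:  # same witness, later transaction with a fresh nonce
        replay = alice.entrypoint(2, lambda: transfer_from(alice, call))
    except PermissionError:
        replay = "rejected"
    return first, replay
```

The witness handed out for nonce 1 fails in any other transaction: a fresh nonce changes the validated message, reusing nonce 1 is refused at the entrypoint, and outside an entrypoint there is no transient nonce at all.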