When forwarding for a given CID, the proxy can very simply process a packet without doing any decryption. However, this means the packet may not be valid (it could be a replay, or a packet injected by someone spoofing the IP addresses and CID).
Since the proxy is acting effectively as a router, this might be acceptable. However:
When the target/origin receives bogus or duplicate QUIC packets, it may be forced to rate-limit traffic from the proxy that forwarded the bad traffic
The proxy is being made to do work of forwarding packets. If that is more expensive than something that could be done simply to validate the packet (signed hash of the packet, say), then it may be preferable to do some validation.
When forwarding for a given CID, the proxy can very simply process a packet without doing any decryption. However, this means the packet may not be valid (it could be a replay, or a packet injected by someone spoofing the IP addresses and CID).
Since the proxy is acting effectively as a router, this might be acceptable. However: