I’m unable to examine the Sapling’s verifying key but from what I’m seeing in the code of phase2’s trusted setup only \delta is updated from the curve’s generator’s point leaving \gamma on the curve’s value of the generator.
According to page 17 from groth16, α ; β ; γ ; δ should be sampled by the trusted setup. This article describe an attack. But it seems to only work when \gamma, \delta are equal. Nerveless it also states both values should be sampled and not just 1.
Does this means in reality that the 2 G_2 points representing public inputs should just have unknown discrete logarithms relation in order to thwart any possible attack ?