Iptables rule to access site from within? (proxy NAT mode)

Ah, no, sorry again. I checked the code, and the check for the parent network having stateful mode enabled is only implemented when using the NIC network=<parent> option, not the parent=<parent> approach you’ve used here.

We haven’t enforced the IP allocation rules when using the parent=<parent> option because you can specify an unmanaged parent bridge with that option, and there are plans to allow users to enable the security.ip_filtering* features on a NIC when using an unmanaged parent, which would be blocked if we replicated the stateful check in this configuration.

See Isolation of LXD containers? for a recent discussion about this.