Recent tor relays do use canonical connections

5.3.1. Canonical connections

   It is possible for an attacker to launch a man-in-the-middle attack
   against a connection by telling OR Alice to extend to OR Bob at some
   address X controlled by the attacker.  The attacker cannot read the
   encrypted traffic, but the attacker is now in a position to count all
   bytes sent between Alice and Bob (assuming Alice was not already
   connected to Bob.)

   To prevent this, when an OR gets an extend request, it SHOULD use an
   existing OR connection if the ID matches, and ANY of the following
   conditions hold:
       - The IP matches the requested IP.
       - The OR knows that the IP of the connection it's using is canonical
         because it was listed in the NETINFO cell.
       - The OR knows that the IP of the connection it's using is canonical
         because it was listed in the server descriptor.

   [This is not implemented in Tor 0.2.0.23-rc.]

But it was implemented in some version since then.