[v5.0.1] Add threshold for maxTreeDepth for serializers

[jozanek]

Partially closes #759, #781

[codecov]

Codecov Report

Merging #798 (91853dd) into v5.0.1-RC (743123c) will decrease coverage by 0.09%.
The diff coverage is 87.50%.

❗ Current head 91853dd differs from pull request most recent head 595ef21. Consider uploading reports for the commit 595ef21 to get more accurate results

@@              Coverage Diff              @@
##           v5.0.1-RC     #798      +/-   ##
=============================================
- Coverage      71.89%   71.79%   -0.10%     
=============================================
  Files            248      248              
  Lines          18942    18829     -113     
  Branches         634      573      -61     
=============================================
- Hits           13618    13519      -99     
+ Misses          5324     5310      -14     

Impacted Files	Coverage Δ
...ala/sigmastate/serialization/ValueSerializer.scala	68.69% <65.21%> (+0.41%)	⬆️
...cala/sigmastate/serialization/DataSerializer.scala	98.75% <97.36%> (+1.34%)	⬆️
sigmastate/src/main/scala/sigmastate/Values.scala	82.89% <100.00%> (+0.11%)	⬆️
...cala/sigmastate/serialization/TypeSerializer.scala	99.15% <100.00%> (+0.02%)	⬆️
.../main/scala/sigmastate/utils/SigmaByteWriter.scala	45.37% <100.00%> (+2.65%)	⬆️
.../src/main/scala/scalan/primitives/NumericOps.scala	73.91% <0.00%> (-4.35%)	⬇️
core/src/main/scala/scalan/DefRewriting.scala	72.94% <0.00%> (-1.18%)	⬇️
...ain/scala/special/collection/CollsOverArrays.scala	86.74% <0.00%> (-0.47%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 743123c...595ef21. Read the comment docs.

[aslesarenko]

Please make sure the thrown exception comes from TypeSerializer. I.e. that the test is actually testing anything.

[jozanek]

Updated in new version.

[aslesarenko]

Same issues as with the previous test I think.

[jozanek]

Correct, the TypeSerializer was completely missing handling for maxTreeDepth for both de/serializing, added to both method and updated tests.

[aslesarenko]

@jozanek please reintroduce changes so that most of the code remain the same and number of red and green lines is minimal. Otherwise I cannot estimate what was actually changed.

[jozanek]

Github diff tool is quite puzzled, had to break formatting to show it properly. I can add it in additional commit after PR is reviewed.

[aslesarenko]

Please rollback changes in deserializer, it part of the consensus, where as serializer is not.
This PR don't need to touch consensus code.

[jozanek]

done

[jozanek]

@aslesarenko can you review again please and possibly merge?

[aslesarenko]

@jozanek, this is low prioriity and considering how much unmerged code is there in develop already I'm putting this PR on hold.

[aslesarenko]

After giving more thought into this I think this feature will complicate maintenance.
Depth limits on serialisation should exactly match measurements on deserialisation.
Any difference may lead to subtle bugs in dApps using Sigma (Appkit, Fleet).
And adversary can create malicious bytes directly anyway, so the value of this checks is small.