[Bug] Deserialization/Parsing consumes more input than permitted.

[d0cd]

🐛 Bug Report

A number of datatypes implement the FromBytes, ToBytes, and Parser traits. Some implementations are initially more permissive, for example:

• Function::read_le accepts more inputs than MAX_INPUTS before it is checked later.
• Plaintext::read_le/parse accepts more than MAX_ENTRIES before it is checked later.

A potential attack vector is that a malicious actor can send a node large messages that may waste a node's compute. Of course, this can be mitigated by fees. Ideally, the deserializer/parser should stop as soon as the input exceeds the bounds set by NETWORK.

Some further questions:

• what is the maximum number of verifying keys in a deployment?

[raychu86]

Should be resolved with https://github.com/AleoNet/snarkVM/pull/1988