[M-1] Use of assert! on proof data can panic

[this-vishalsingh]

• Context: provekit/verifier/src/whir_r1cs.rs

Description

The verifier uses assert! to check the length of deferred_evals, which is derived from the proof transcript.

If a malicious proof yields an unexpected number of deferred evaluations, these assertions will panic and crash the verifier, leading to a denial-of-service.

• Impacted code

// Linear deferred
if self.num_challenges > 0 {
    assert!(
        deferred_evals.len() == offset + 6,
        "Deferred evals length does not match"
    );
    ...
} else {
    assert!(
        deferred_evals.len() == offset + 3,
        "Deferred evals length does not match"
    );
    ...
}

Recommendation

Replace assert! with error handling (e.g., using ensure!) so that unexpected deferred evaluation lengths are reported as verification errors rather than panics.