facebook / winterfell

A STARK prover and verifier for arbitrary computations

panic in merkle's verify_batch

themighty1 opened this issue · comments

As is currently implemented, if a malicious prover lies about the depth of their Merkle tree, it will cause the verifier to panic.

The panic can be reproduced by replacing this line in the test

    let proof = tree.prove_batch(&[1, 2]).unwrap();

with

    let mut proof = tree.prove_batch(&[1, 2]).unwrap();
    proof.depth = proof.depth + 100;

Is this an inherent limitation or can this be worked around?

Thank you for catching this! This shouldn't be too difficult to fix. Basically, we should detect an invalid depth (probably during deserialization) and just return an error.
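
The approach suggested in the reply, sketched as an added example (not winterfell's code and not the maintainers' patch): a verifier that validates the prover-supplied depth before any shift or indexing uses it, and returns an error instead of panicking. It narrows the batch case to a single Merkle path; `PathProof`, `ProofError`, `MAX_DEPTH` and the toy `DefaultHasher`-based node hash are assumptions made for illustration.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Toy node hash (NOT cryptographic); stands in for the tree's real hash function.
fn h2(l: u64, r: u64) -> u64 {
    let mut s = DefaultHasher::new();
    (l, r).hash(&mut s);
    s.finish()
}

#[derive(Debug, PartialEq)]
pub enum ProofError { BadDepth(u8), IndexOutOfRange, PathLength, RootMismatch }

// Hypothetical single-path proof; every field is prover-controlled after deserialization.
pub struct PathProof { pub depth: u8, pub index: u64, pub leaf: u64, pub siblings: Vec<u64> }

pub const MAX_DEPTH: u8 = 32; // assumed upper bound on tree depth

// Reject an inconsistent shape before `depth` drives any shift, loop or index.
pub fn verify(root: u64, p: &PathProof) -> Result<(), ProofError> {
    if p.depth == 0 || p.depth > MAX_DEPTH { return Err(ProofError::BadDepth(p.depth)); }
    if p.siblings.len() != p.depth as usize { return Err(ProofError::PathLength); }
    if p.index >= (1u64 << p.depth) { return Err(ProofError::IndexOutOfRange); }
    let (mut acc, mut idx) = (p.leaf, p.index);
    for &s in &p.siblings {
        acc = if idx & 1 == 0 { h2(acc, s) } else { h2(s, acc) };
        idx >>= 1;
    }
    if acc == root { Ok(()) } else { Err(ProofError::RootMismatch) }
}

// Build a constructed 2^depth-leaf tree and open `index`; returns (root, proof).
pub fn sample(depth: u8, index: u64) -> (u64, PathProof) {
    let mut level: Vec<u64> = (0..(1u64 << depth)).collect(); // constructed leaves
    let (leaf, mut idx, mut siblings) = (level[index as usize], index as usize, Vec::new());
    while level.len() > 1 {
        siblings.push(level[idx ^ 1]);
        level = level.chunks(2).map(|c| h2(c[0], c[1])).collect();
        idx >>= 1;
    }
    (level[0], PathProof { depth, index, leaf, siblings })
}

fn main() {
    let (root, mut proof) = sample(3, 5);
    println!("honest: {:?}", verify(root, &proof));
    proof.depth = proof.depth + 100; // the mutation from the issue
    println!("inflated depth: {:?}", verify(root, &proof));
}
```

The same checks can run at deserialization time, so a malformed proof is rejected before it reaches the verification loop.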