fix: guard against int overflows (#344)

Signed-off-by: Chris Gianelloni <[email protected]>

Author: wolf31o2

internal/storage/storage.go

@@ -1,4 +1,4 @@
-// Copyright 2024 Blink Labs Software
+// Copyright 2025 Blink Labs Software
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"log/slog"
+	"math"
 	"strconv"
 	"strings"
 	"sync"
@@ -194,6 +195,9 @@ func (s *Storage) AddUtxo(
 	txOutBytes []byte,
 	slot uint64,
 ) error {
+	if slot > math.MaxInt {
+		return fmt.Errorf("slot number int overflow")
+	}
 	keyUtxo := fmt.Sprintf("utxo_%s_%s.%d", address, txId, txOutIdx)
 	keyAdded := keyUtxo + `_added`
 	err := s.db.Update(func(txn *badger.Txn) error {
@@ -225,7 +229,7 @@ func (s *Storage) AddUtxo(
 			[]byte(keyAdded),
 			[]byte(
 				// Convert slot to string for storage
-				strconv.Itoa(int(slot)),
+				strconv.Itoa(int(slot)), // #nosec G115
 			),
 		); err != nil {
 			return err
@@ -241,6 +245,9 @@ func (s *Storage) RemoveUtxo(
 	utxoIdx uint32,
 	slot uint64,
 ) error {
+	if slot > math.MaxInt {
+		return fmt.Errorf("slot number int overflow")
+	}
 	keyUtxo := fmt.Sprintf("utxo_%s_%s.%d", address, txId, utxoIdx)
 	keyDeleted := keyUtxo + `_deleted`
 	err := s.db.Update(func(txn *badger.Txn) error {
@@ -253,7 +260,7 @@ func (s *Storage) RemoveUtxo(
 			[]byte(keyDeleted),
 			[]byte(
 				// Convert slot to string for storage
-				strconv.Itoa(int(slot)),
+				strconv.Itoa(int(slot)), // #nosec G115
 			),
 		); err != nil {
 			return err

internal/storage/trie.go

@@ -1,4 +1,4 @@
-// Copyright 2024 Blink Labs Software
+// Copyright 2025 Blink Labs Software
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@ package storage
 import (
 	"encoding/hex"
 	"fmt"
+	"math"
 	"strconv"
 	"strings"
 	"sync"
@@ -84,6 +85,9 @@ func (t *Trie) load() error {
 }
 
 func (t *Trie) Update(key []byte, val []byte, slot uint64) error {
+	if slot > math.MaxInt {
+		return fmt.Errorf("slot number int overflow")
+	}
 	// Update trie
 	t.trie.Set(key, val)
 	// Update storage
@@ -98,7 +102,7 @@ func (t *Trie) Update(key []byte, val []byte, slot uint64) error {
 			[]byte(keyAdded),
 			[]byte(
 				// Convert slot to string for storage
-				strconv.Itoa(int(slot)),
+				strconv.Itoa(int(slot)), // #nosec G115
 			),
 		); err != nil {
 			return err
@@ -132,6 +136,9 @@ func (t *Trie) Delete(key []byte) error {
 }
 
 func (t *Trie) Rollback(slot uint64) error {
+	if slot > math.MaxInt64 {
+		return fmt.Errorf("slot number int overflow")
+	}
 	dbKeyPrefix := t.dbKeyPrefix(nil)
 	err := t.db.Update(func(txn *badger.Txn) error {
 		it := txn.NewIterator(badger.DefaultIteratorOptions)
@@ -155,6 +162,7 @@ func (t *Trie) Rollback(slot uint64) error {
 			if err != nil {
 				return err
 			}
+			// #nosec G115
 			if addSlot > int(slot) {
 				// Delete rolled-back hashes from trie
 				tmpKey := strings.TrimPrefix(