ci: Bump golang linter version

.github/workflows/build.yml

@@ -293,7 +293,7 @@ jobs:
       - name: Formatting checks
         run: ./scripts/lint.sh -l -g format
       - name: Install linters
-        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.60.1
+        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.63.4
       - name: Run linters
         run: make generate && golangci-lint --version && ./scripts/lint.sh -g lint
       - name: Ensure generated proto matches

node/cmd/ccq/query_server.go

@@ -258,9 +258,10 @@ func runQueryServer(cmd *cobra.Command, args []string) {
 		if statServer != nil && *shutdownDelay1 != 0 {
 			logger.Info("Received sigterm. disabling health checks and pausing.")
 			statServer.disableHealth()
-			time.Sleep(time.Duration(*shutdownDelay1) * time.Second)
+			time.Sleep(time.Duration(*shutdownDelay1) * time.Second) // #nosec G115 -- Defaults to 25 seconds, overflowing is infeasible
 			numPending := 0
 			logger.Info("Waiting for any outstanding requests to complete before shutting down.")
+			// #nosec G115 -- Defaults to 65 seconds, overflowing is infeasible
 			for count := 0; count < int(*shutdownDelay2); count++ {
 				time.Sleep(time.Second)
 				numPending = pendingResponses.NumPending()

node/cmd/guardiand/adminclient.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"math"
 	"os"
 	"strconv"
 	"strings"
@@ -301,6 +302,7 @@ func runFindMissingMessages(cmd *cobra.Command, args []string) {
 	if err != nil {
 		log.Fatalf("invalid chain ID: %v", err)
 	}
+
 	emitterAddress := args[1]
 
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
@@ -312,6 +314,11 @@ func runFindMissingMessages(cmd *cobra.Command, args []string) {
 	}
 	defer conn.Close()
 
+	// Although chains ids are constrained to be 16 bit, we only constrain to 32 bit here given the protobuf usage later
+	if chainID > math.MaxUint32 {
+		log.Fatalf("chain ID is not a valid 32 bit unsigned integer: %v", err)
+	}
+
 	msg := nodev1.FindMissingMessagesRequest{
 		EmitterChain:   uint32(chainID),
 		EmitterAddress: emitterAddress,
@@ -343,6 +350,10 @@ func runDumpVAAByMessageID(cmd *cobra.Command, args []string) {
 	if err != nil {
 		log.Fatalf("invalid chain ID: %v", err)
 	}
+	// We only constrain this to int32 now, not uint16, given the ChainID protobuf definition
+	if chainID > math.MaxInt32 {
+		log.Fatalf("chain id must not exceed the max int32: %v", chainID)
+	}
 	emitterAddress := parts[1]
 	seq, err := strconv.ParseUint(parts[2], 10, 64)
 	if err != nil {
@@ -560,7 +571,7 @@ func runChainGovernorResetReleaseTimer(cmd *cobra.Command, args []string) {
 	if len(args) > 1 {
 		numDaysArg, err := strconv.Atoi(args[1])
 
-		if err != nil {
+		if numDaysArg > math.MaxUint32 || err != nil {
 			log.Fatalf("invalid num_days: %v", err)
 		}
 

node/cmd/guardiand/adminnodes.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"math"
 	"os"
 	"sort"
 	"strings"
@@ -166,6 +167,9 @@ func runListNodes(cmd *cobra.Command, args []string) {
 		truncAddrs := make(map[vaa.ChainID]string)
 		errors := map[vaa.ChainID]uint64{}
 		for _, n := range h.RawHeartbeat.Networks {
+			if n.Id > math.MaxUint16 {
+				log.Fatalf("heartbeat chain id is greater than MaxUint16: %v", n.Id)
+			}
 			heights[vaa.ChainID(n.Id)] = n.Height
 			errors[vaa.ChainID(n.Id)] = n.ErrorCount
 			if len(n.ContractAddress) >= 16 {

node/cmd/guardiand/admintemplate.go

@@ -359,15 +359,15 @@ func runGuardianSetTemplate(cmd *cobra.Command, args []string) {
 	// Use deterministic devnet addresses as examples in the template, such that this doubles as a test fixture.
 	guardians := make([]*nodev1.GuardianSetUpdate_Guardian, *setUpdateNumGuardians)
 	for i := 0; i < *setUpdateNumGuardians; i++ {
-		k := devnet.InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), uint64(i))
+		k := devnet.InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), uint64(i)) // #nosec G115 -- Number of guardians will never overflow here
 		guardians[i] = &nodev1.GuardianSetUpdate_Guardian{
 			Pubkey: crypto.PubkeyToAddress(k.PublicKey).Hex(),
 			Name:   fmt.Sprintf("Example validator %d", i),
 		}
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- Number of guardians will never overflow here
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),

node/cmd/spy/spy.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"math"
 	"net"
 	"net/http"
 	"os"
@@ -187,6 +188,9 @@ func (s *spyServer) SubscribeSignedVAA(req *spyv1.SubscribeSignedVAARequest, res
 				if err != nil {
 					return status.Error(codes.InvalidArgument, fmt.Sprintf("failed to decode emitter address: %v", err))
 				}
+				if t.EmitterFilter.GetChainId() > math.MaxUint16 {
+					return status.Error(codes.InvalidArgument, fmt.Sprintf("emitter chain id must be a valid 16 bit unsigned integer: %v", t.EmitterFilter.ChainId.Number()))
+				}
 				fi = append(fi, filterSignedVaa{
 					chainId:     vaa.ChainID(t.EmitterFilter.ChainId),
 					emitterAddr: addr,

node/hack/repair_eth/repair_eth.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"math"
 	"net/http"
 	"net/http/cookiejar"
 	"strconv"
@@ -397,10 +398,16 @@ func main() {
 
 		var from, to string
 		if lastHeight == 0 {
+			if currentHeight-step > math.MaxInt {
+				log.Fatalf("from block overflowed: %v", currentHeight-step)
+			}
 			from = strconv.Itoa(int(currentHeight - step))
 			to = "latest"
 			lastHeight = currentHeight
 		} else {
+			if lastHeight-step > math.MaxInt {
+				log.Fatalf("from block overflowed: %v", lastHeight-step)
+			}
 			from = strconv.Itoa(int(lastHeight - step))
 			to = strconv.Itoa(int(lastHeight))
 		}

node/pkg/accountant/submit_obs.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 	"strings"
 	"time"
 
@@ -88,6 +89,10 @@ func (acct *Accountant) handleBatch(ctx context.Context, subChan chan *common.Me
 		return fmt.Errorf("failed to get guardian index for %s", tag)
 	}
 
+	if guardianIndex > math.MaxUint32 {
+		return fmt.Errorf("guardian index greater than max uint32 %v", guardianIndex)
+	}
+
 	acct.submitObservationsToContract(msgs, gs.Index, uint32(guardianIndex), wormchainConn, contract, prefix, tag)
 	transfersSubmitted.Add(float64(len(msgs)))
 	return nil
@@ -309,7 +314,7 @@ func SubmitObservationsToContract(
 	for idx, msg := range msgs {
 		obs[idx] = Observation{
 			TxHash:           msg.TxHash.Bytes(),
-			Timestamp:        uint32(msg.Timestamp.Unix()),
+			Timestamp:        uint32(msg.Timestamp.Unix()), // #nosec G115 -- This conversion is safe until year 2106
 			Nonce:            msg.Nonce,
 			EmitterChain:     uint16(msg.EmitterChain),
 			EmitterAddress:   msg.EmitterAddress,

node/pkg/adminrpc/adminserver.go

@@ -281,7 +281,7 @@ func accountantModifyBalance(req *nodev1.AccountantModifyBalance, timestamp time
 		ChainId:      vaa.ChainID(req.ChainId),
 		TokenChain:   vaa.ChainID(req.TokenChain),
 		TokenAddress: tokenAdress,
-		Kind:         uint8(req.Kind),
+		Kind:         uint8(req.Kind), // #nosec G115 -- The `ModificationKind` enum only has 3 values
 		Amount:       amount,
 		Reason:       req.Reason,
 	}.Serialize()
@@ -667,6 +667,9 @@ func evmCallToVaa(evmCall *nodev1.EvmCall, timestamp time.Time, guardianSetIndex
 	if err != nil {
 		return nil, fmt.Errorf("failed to decode ABI encoded call: %w", err)
 	}
+	if evmCall.ChainId > math.MaxUint16 {
+		return nil, fmt.Errorf("chain id exceeds max uint16: %v", evmCall.ChainId)
+	}
 
 	body, err := vaa.BodyGeneralPurposeGovernanceEvm{
 		ChainID:            vaa.ChainID(evmCall.ChainId),
@@ -699,6 +702,9 @@ func solanaCallToVaa(solanaCall *nodev1.SolanaCall, timestamp time.Time, guardia
 	if err != nil {
 		return nil, fmt.Errorf("failed to decode instruction: %w", err)
 	}
+	if solanaCall.ChainId > math.MaxUint16 {
+		return nil, fmt.Errorf("chain id exceeds max uint16: %v", solanaCall.ChainId)
+	}
 
 	body, err := vaa.BodyGeneralPurposeGovernanceSolana{
 		ChainID:            vaa.ChainID(solanaCall.ChainId),
@@ -917,6 +923,9 @@ func (s *nodePrivilegedService) FindMissingMessages(ctx context.Context, req *no
 	if err != nil {
 		return nil, status.Errorf(codes.InvalidArgument, "invalid emitter address encoding: %v", err)
 	}
+	if req.EmitterChain > math.MaxUint16 {
+		return nil, status.Errorf(codes.InvalidArgument, "chain id exceeds max uint16: %v", req.EmitterChain)
+	}
 	emitterAddress := vaa.Address{}
 	copy(emitterAddress[:], b)
 

node/pkg/common/chainlock.go

@@ -49,7 +49,7 @@ func (msg *MessagePublication) Marshal() ([]byte, error) {
 	buf := new(bytes.Buffer)
 
 	buf.Write(msg.TxHash[:])
-	vaa.MustWrite(buf, binary.BigEndian, uint32(msg.Timestamp.Unix()))
+	vaa.MustWrite(buf, binary.BigEndian, uint32(msg.Timestamp.Unix())) // #nosec G115 -- This conversion is safe until year 2106
 	vaa.MustWrite(buf, binary.BigEndian, msg.Nonce)
 	vaa.MustWrite(buf, binary.BigEndian, msg.Sequence)
 	vaa.MustWrite(buf, binary.BigEndian, msg.ConsistencyLevel)

node/pkg/db/db_test.go

@@ -127,7 +127,7 @@ func TestStoreSignedVAABatch(t *testing.T) {
 	require.Less(t, int64(0), db.db.MaxBatchSize())  // In testing this was 10066329.
 
 	// Make sure we exceed the max batch size.
-	numVAAs := uint64(db.db.MaxBatchCount() + 1)
+	numVAAs := uint64(db.db.MaxBatchCount() + 1) // #nosec G115 -- This is safe given the testing values noted above
 
 	// Build the VAA batch.
 	vaaBatch := make([]*vaa.VAA, 0, numVAAs)

node/pkg/db/governor.go

@@ -65,17 +65,17 @@
 func (t *Transfer) Marshal() ([]byte, error) {
 	buf := new(bytes.Buffer)
 
-	vaa.MustWrite(buf, binary.BigEndian, uint32(t.Timestamp.Unix()))
+	vaa.MustWrite(buf, binary.BigEndian, uint32(t.Timestamp.Unix())) // #nosec G115 -- This conversion is safe until year 2106
 	vaa.MustWrite(buf, binary.BigEndian, t.Value)
 	vaa.MustWrite(buf, binary.BigEndian, t.OriginChain)
 	buf.Write(t.OriginAddress[:])
 	vaa.MustWrite(buf, binary.BigEndian, t.EmitterChain)
 	buf.Write(t.EmitterAddress[:])
 	vaa.MustWrite(buf, binary.BigEndian, uint16(len(t.MsgID)))
 	if len(t.MsgID) > 0 {
 		buf.Write([]byte(t.MsgID))
 	}
 	vaa.MustWrite(buf, binary.BigEndian, uint16(len(t.Hash)))
 	if len(t.Hash) > 0 {
 		buf.Write([]byte(t.Hash))
 	}
@@ -236,7 +236,7 @@
 func (p *PendingTransfer) Marshal() ([]byte, error) {
 	buf := new(bytes.Buffer)
 
-	vaa.MustWrite(buf, binary.BigEndian, uint32(p.ReleaseTime.Unix()))
+	vaa.MustWrite(buf, binary.BigEndian, uint32(p.ReleaseTime.Unix())) // #nosec G115 -- This conversion is safe until year 2106
 
 	b, err := p.Msg.Marshal()
 	if err != nil {

node/pkg/db/governor_test.go

@@ -566,7 +566,7 @@
 func (d *Database) storeOldPendingMsg(t *testing.T, p *PendingTransfer) {
 	buf := new(bytes.Buffer)
 
-	vaa.MustWrite(buf, binary.BigEndian, uint32(p.ReleaseTime.Unix()))
+	vaa.MustWrite(buf, binary.BigEndian, uint32(p.ReleaseTime.Unix())) // #nosec G115 -- This conversion is safe until year 2106
 
 	b := marshalOldMessagePublication(&p.Msg)
 
@@ -586,7 +586,7 @@
 	buf := new(bytes.Buffer)
 
 	buf.Write(msg.TxHash[:])
-	vaa.MustWrite(buf, binary.BigEndian, uint32(msg.Timestamp.Unix()))
+	vaa.MustWrite(buf, binary.BigEndian, uint32(msg.Timestamp.Unix())) // #nosec G115 -- This conversion is safe until year 2106
 	vaa.MustWrite(buf, binary.BigEndian, msg.Nonce)
 	vaa.MustWrite(buf, binary.BigEndian, msg.Sequence)
 	vaa.MustWrite(buf, binary.BigEndian, msg.ConsistencyLevel)
@@ -764,13 +764,13 @@
 func marshalOldTransfer(xfer *Transfer) []byte {
 	buf := new(bytes.Buffer)
 
-	vaa.MustWrite(buf, binary.BigEndian, uint32(xfer.Timestamp.Unix()))
+	vaa.MustWrite(buf, binary.BigEndian, uint32(xfer.Timestamp.Unix())) // #nosec G115 -- This conversion is safe until year 2106
 	vaa.MustWrite(buf, binary.BigEndian, xfer.Value)
 	vaa.MustWrite(buf, binary.BigEndian, xfer.OriginChain)
 	buf.Write(xfer.OriginAddress[:])
 	vaa.MustWrite(buf, binary.BigEndian, xfer.EmitterChain)
 	buf.Write(xfer.EmitterAddress[:])
 	vaa.MustWrite(buf, binary.BigEndian, uint16(len(xfer.MsgID)))
 	if len(xfer.MsgID) > 0 {
 		buf.Write([]byte(xfer.MsgID))
 	}

node/pkg/governor/governor.go

@@ -145,7 +145,7 @@ func (ce *chainEntry) addFlowCancelTransfer(transfer transfer) error {
 		return fmt.Errorf("value for transfer.dbTransfer exceeds MaxInt64: %d", transfer.dbTransfer.Value)
 	}
 	// Type conversion is safe here because of the MaxInt64 bounds check above
-	if value != -int64(transfer.dbTransfer.Value) {
+	if value != -int64(transfer.dbTransfer.Value) { // nolint:gosec
 		return fmt.Errorf("transfer is invalid: transfer.value %d must equal the inverse of transfer.dbTransfer.Value %d", value, transfer.dbTransfer.Value)
 	}
 	if targetChain != ce.emitterChainId {

node/pkg/governor/governor_monitoring.go

@@ -77,6 +77,7 @@ package governor
 import (
 	"context"
 	"fmt"
+	"math"
 	"sort"
 	"time"
 
@@ -379,7 +380,7 @@ func (gov *ChainGovernor) GetEnqueuedVAAs() []*publicrpcv1.GovernorGetEnqueuedVA
 				EmitterChain:   uint32(pe.dbData.Msg.EmitterChain),
 				EmitterAddress: pe.dbData.Msg.EmitterAddress.String(),
 				Sequence:       pe.dbData.Msg.Sequence,
-				ReleaseTime:    uint32(pe.dbData.ReleaseTime.Unix()),
+				ReleaseTime:    uint32(pe.dbData.ReleaseTime.Unix()), // #nosec G115 -- This conversion is safe until year 2106
 				NotionalValue:  value,
 				TxHash:         pe.dbData.Msg.TxHash.String(),
 			})
@@ -398,7 +399,11 @@ func (gov *ChainGovernor) IsVAAEnqueued(msgId *publicrpcv1.MessageID) (bool, err
 		return false, fmt.Errorf("no message ID specified")
 	}
 
-	emitterChain := vaa.ChainID(msgId.EmitterChain)
+	if msgId.GetEmitterChain() > math.MaxUint16 {
+		return false, fmt.Errorf("emitter chain id must be no greater than 16 bits")
+	}
+
+	emitterChain := vaa.ChainID(msgId.GetEmitterChain())
 
 	emitterAddress, err := vaa.StringToAddress(msgId.EmitterAddress)
 	if err != nil {
@@ -647,7 +652,7 @@ func (gov *ChainGovernor) publishStatus(ctx context.Context, hb *gossipv1.Heartb
 				numEnqueued = numEnqueued + 1
 				enqueuedVaas = append(enqueuedVaas, &gossipv1.ChainGovernorStatus_EnqueuedVAA{
 					Sequence:      pe.dbData.Msg.Sequence,
-					ReleaseTime:   uint32(pe.dbData.ReleaseTime.Unix()),
+					ReleaseTime:   uint32(pe.dbData.ReleaseTime.Unix()), // #nosec G115 -- This conversion is safe until year 2106
 					NotionalValue: value,
 					TxHash:        pe.dbData.Msg.TxHash.String(),
 				})

node/pkg/gwrelayer/gwrelayer_test.go

@@ -72,7 +72,7 @@ func Test_shouldPublishToIbcTranslator(t *testing.T) {
 				Signatures:       []*vaa.Signature{},
 				Timestamp:        time.Unix(0, 0),
 				Nonce:            uint32(1),
-				Sequence:         uint64(seqNum),
+				Sequence:         uint64(seqNum), // #nosec G115 -- We're iterating over a fixed length array defined above
 				ConsistencyLevel: uint8(32),
 				EmitterChain:     vaa.ChainIDSolana,
 				EmitterAddress:   solanaEmitter,

node/pkg/node/node_test.go

@@ -123,7 +123,7 @@ func newMockGuardianSet(t testing.TB, testId uint, n int) []*mockGuardian {
 			MockSetC:         make(chan *common.GuardianSet),
 			guardianSigner:   guardianSigner,
 			guardianAddr:     eth_crypto.PubkeyToAddress(guardianSigner.PublicKey(context.Background())),
-			config:           createGuardianConfig(t, testId, uint(i)),
+			config:           createGuardianConfig(t, testId, uint(i)), // #nosec G115 -- Guardian set will never be that large
 		}
 	}
 
@@ -428,7 +428,7 @@ func governedMsg(shouldBeDelayed bool) *common.MessagePublication {
 		amount = 1_000_000_000_000
 	}
 
-	tokenAddrStr := "069b8857feab8184fb687f634618c035dac439dc1aeb3b5598a0f00000000001" // nolint:gosec // wrapped-SOL
+	tokenAddrStr := "069b8857feab8184fb687f634618c035dac439dc1aeb3b5598a0f00000000001" // #nosec G101 -- Address for testing
 	toAddrStr := "0x707f9118e33a9b8998bea41dd0d46f38bb963fc8"                          // whatever
 	payloadBytes := buildMockTransferPayloadBytes(
 		vaa.ChainIDSolana,
@@ -658,7 +658,7 @@ func runConsensusTests(t *testing.T, testCases []testCase, numGuardians int) {
 
 		// run the guardians
 		for i := 0; i < numGuardians; i++ {
-			gRun := mockGuardianRunnable(t, gs, uint(i), obsDb)
+			gRun := mockGuardianRunnable(t, gs, uint(i), obsDb) // #nosec G115 -- Guardian set will never be that large
 			err := supervisor.Run(ctx, fmt.Sprintf("g-%d", i), gRun)
 			if i == 0 && numGuardians > 1 {
 				time.Sleep(time.Second) // give the bootstrap guardian some time to start up
@@ -762,7 +762,7 @@ func runConsensusTests(t *testing.T, testCases []testCase, numGuardians int) {
 					_, err := adminCs[j].InjectGovernanceVAA(queryCtx, &nodev1.InjectGovernanceVAARequest{
 						CurrentSetIndex: guardianSetIndex,
 						Messages:        []*nodev1.GovernanceMessage{testCase.govMsg},
-						Timestamp:       uint32(testCase.msg.Timestamp.Unix()),
+						Timestamp:       uint32(testCase.msg.Timestamp.Unix()), // #nosec G115 -- This conversion is safe until year 2106
 					})
 					queryCancel()
 					assert.NoError(t, err)
@@ -1157,7 +1157,7 @@ func BenchmarkConsensus(b *testing.B) {
 	//runConsensusBenchmark(b, "1", 19, 1000, 1) // ~13s
 }
 
-func runConsensusBenchmark(t *testing.B, name string, numGuardians int, numMessages int, maxPendingObs int) {
+func runConsensusBenchmark(t *testing.B, name string, numGuardians int, numMessages uint64, maxPendingObs int) {
 	const vaaCheckGuardianIndex = 1 // we will query this Guardian for VAAs.
 
 	t.Run(name, func(t *testing.B) {
@@ -1242,7 +1242,7 @@ func runConsensusBenchmark(t *testing.B, name string, numGuardians int, numMessa
 
 			go func() {
 				// feed observations to nodes
-				for i := 0; i < numMessages; i++ {
+				for i := uint64(0); i < numMessages; i++ {
 					select {
 					case <-ctx.Done():
 						return
@@ -1257,7 +1257,7 @@ func runConsensusBenchmark(t *testing.B, name string, numGuardians int, numMessa
 			}()
 
 			// check that the VAAs were generated
-			for i := 0; i < numMessages; i++ {
+			for i := uint64(0); i < numMessages; i++ {
 				msgId := &publicrpcv1.MessageID{
 					EmitterChain:   publicrpcv1.ChainID(someMsgEmitterChain),
 					EmitterAddress: someMsgEmitter.String(),