From a9e32c10e1a870cb151a93760727f92fe49dc99d Mon Sep 17 00:00:00 2001
From: marcello33
Date: Sat, 7 Oct 2023 08:33:58 +0200
Subject: [PATCH 1/4] dev: add: recommended peer settings for mainnet nodes

---
 packaging/templates/mainnet-v1/archive/config.toml | 2 +-
 .../templates/mainnet-v1/sentry/sentry/bor/config.toml | 2 +-
 .../templates/mainnet-v1/sentry/validator/bor/config.toml | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/packaging/templates/mainnet-v1/archive/config.toml b/packaging/templates/mainnet-v1/archive/config.toml
index 8522ca0304..ab16db7194 100644
--- a/packaging/templates/mainnet-v1/archive/config.toml
+++ b/packaging/templates/mainnet-v1/archive/config.toml
@@ -35,7 +35,7 @@ gcmode = "archive"
 # txarrivalwait = "500ms"
 # [p2p.discovery]
 # v5disc = false
- # bootnodes = []
+ # bootnodes = ["enode://76316d1cb93c8ed407d3332d595233401250d48f8fbb1d9c65bd18c0495eca1b43ec38ee0ea1c257c0abb7d1f25d649d359cdfe5a805842159cfe36c5f66b7e8@52.78.36.216:30303", "enode://b8f1cc9c5d4403703fbf377116469667d2b1823c0daf16b7250aa576bacf399e42c3930ccfcb02c5df6879565a2b8931335565f0e8d3f8e72385ecf4a4bf160a@3.36.224.80:30303", "enode://8729e0c825f3d9cad382555f3e46dcff21af323e89025a0e6312df541f4a9e73abfa562d64906f5e59c51fe6f0501b3e61b07979606c56329c020ed739910759@54.194.245.5:30303", "enode://681ebac58d8dd2d8a6eef15329dfbad0ab960561524cf2dfde40ad646736fe5c244020f20b87e7c1520820bc625cfb487dd71d63a3a3bf0baea2dbb8ec7c79f1@34.240.245.39:30303"]
 # bootnodesv4 = []
 # bootnodesv5 = []
 # static-nodes = []
diff --git a/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml b/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml
index 411c16f529..d2bc5bd988 100644
--- a/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml
+++ b/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml
@@ -39,7 +39,7 @@ syncmode = "full" # bootnodesv4 = [] # bootnodesv5 = [] # static-nodes = [] - # trusted-nodes = [] + # trusted-nodes = [":"] # Recommended setting with sentry <> validator architecture # dns = [] # [heimdall] diff --git a/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml b/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml index 7798cccd1a..fb3713764d 100644 --- a/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml +++ b/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml @@ -25,7 +25,7 @@ syncmode = "full" # debug = true [p2p] - maxpeers = 1 + maxpeers = 20 port = 30303 nodiscover = true # maxpendpeers = 50 @@ -37,10 +37,10 @@ syncmode = "full" # txarrivalwait = "500ms" # [p2p.discovery] # v5disc = false - # bootnodes = [] + # bootnodes = ["enode://76316d1cb93c8ed407d3332d595233401250d48f8fbb1d9c65bd18c0495eca1b43ec38ee0ea1c257c0abb7d1f25d649d359cdfe5a805842159cfe36c5f66b7e8@52.78.36.216:30303", "enode://b8f1cc9c5d4403703fbf377116469667d2b1823c0daf16b7250aa576bacf399e42c3930ccfcb02c5df6879565a2b8931335565f0e8d3f8e72385ecf4a4bf160a@3.36.224.80:30303", "enode://8729e0c825f3d9cad382555f3e46dcff21af323e89025a0e6312df541f4a9e73abfa562d64906f5e59c51fe6f0501b3e61b07979606c56329c020ed739910759@54.194.245.5:30303", "enode://681ebac58d8dd2d8a6eef15329dfbad0ab960561524cf2dfde40ad646736fe5c244020f20b87e7c1520820bc625cfb487dd71d63a3a3bf0baea2dbb8ec7c79f1@34.240.245.39:30303"] # bootnodesv4 = [] # bootnodesv5 = [] - # static-nodes = [] + # static-nodes = [":"] # Recommended setting with sentry <> validator architecture # trusted-nodes = [] # dns = [] From a5d53af40286ad6ab98f0dd8aa9eeae99e997808 Mon Sep 17 00:00:00 2001 From: Pratik Patil Date: Thu, 12 Oct 2023 17:15:14 +0530 Subject: [PATCH 2/4] worker: (Block-STM) Do not hardcode EnableMVHashMap as false (#1039) * do not hardcode EnableMVHashMap as false * addressed comment * lint --- miner/worker.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
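Review bot: In the sentry/validator template the first hunk raises `maxpeers` from 1 to 20 while `nodiscover = true` is kept and the recommended `static-nodes = [":"]` line in the second hunk stays commented out, so a validator started from the unedited template can accept up to 20 inbound connections from any host that reaches port 30303 instead of the single peer the old value allowed. If the intent is that only sentries peer with the validator, that now rests on the operator filling in `static-nodes` and on network filtering, which the template should say next to the setting: `maxpeers = 20 # upper bound only; restrict the validator to its sentries via static-nodes and network filtering`. The commented-out `bootnodes` list added to the same file has no effect while `nodiscover = true`, so a one-line comment that it only applies if discovery is turned on would keep operators from enabling discovery on a validator to make it "work". The archive and sentry hunks carry the same list as commented defaults and raise nothing further.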
diff --git a/miner/worker.go b/miner/worker.go index da27492847..ae1e92c070 100644 --- a/miner/worker.go +++ b/miner/worker.go @@ -1070,7 +1070,7 @@ func (w *worker) commitTransactions(env *environment, txs *types.TransactionsByP var depsWg sync.WaitGroup - EnableMVHashMap := false + EnableMVHashMap := w.chainConfig.Bor.IsParallelUniverse(env.header.Number) // create and add empty mvHashMap in statedb if EnableMVHashMap { From db1562bbe2a0330c5451b99e9a6dc32085278635 Mon Sep 17 00:00:00 2001 From: SHIVAM SHARMA Date: Fri, 13 Oct 2023 12:31:17 +0530 Subject: [PATCH 3/4] Fix Codecov and add integration tests coverage (#1020) * add : gocovmerge support * fix : minor fix * add : dependancy for codecov * fix : dependancy * fix : codecov upload/download artifact * fix : fix unable to find cover.out file * fix : rename integration_cover.out * chg : codecov-action from v1 to v3 --- .github/workflows/ci.yml | 19 ++++++++++++++++--- Makefile | 5 ++++- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f66474d6d4..1d8c35d572 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -106,6 +106,11 @@ jobs: - name: Test run: make test + + - uses: actions/upload-artifact@v2 + with: + name: unitTest-coverage + path: cover.out #- name: Data race tests # run: make test-race 
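Review bot: `EnableMVHashMap := w.chainConfig.Bor.IsParallelUniverse(env.header.Number)` dereferences `w.chainConfig.Bor` with no nil check; if `Bor` is a pointer that is left nil for non-Bor chain configurations (as other call sites in this fork appear to assume — confirm), `commitTransactions` now panics on such chains where the old constant `false` did not. Guard it in place: `EnableMVHashMap := w.chainConfig.Bor != nil && w.chainConfig.Bor.IsParallelUniverse(env.header.Number)`. The local is also named like an exported identifier; `enableMVHashMap` is the Go convention for a function-scoped variable. `commitTransactions` starts and ends outside the hunk.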
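Review bot: The new `actions/upload-artifact@v2` step in the unit-tests job (and the second upload plus `actions/download-artifact@v2` in the next hunk) references an older major than the `actions/checkout@v3` used alongside it, and all of them are pinned to mutable major tags. For steps that feed coverage into a third-party upload, pinning each action to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/upload-artifact@<commit-sha> # vX.Y.Z` (placeholders), keeps a moved tag from changing what runs. Both jobs upload a file named `cover.out`; that is only unambiguous because the artifact names differ, which deserves a one-line comment on the `name:` keys so a later edit does not collapse them.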
@@ -153,17 +158,25 @@ jobs: - name: test-integration run: make test-integration + - uses: actions/upload-artifact@v2 + with: + name: integrationTest-coverage + path: cover.out + codecov: if: (github.event.action != 'closed' || github.event.pull_request.merged == true) strategy: matrix: os: [ ubuntu-20.04 ] # list of os: https://github.com/actions/virtual-environments runs-on: ${{ matrix.os }} + needs: [unit-tests, integration-tests] steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Download artifacts + uses: actions/download-artifact@v2 - name: Upload coverage to Codecov - uses: codecov/codecov-action@v1 - with: - file: ./cover.out + uses: codecov/codecov-action@v3 e2e-tests: if: (github.event.action != 'closed' || github.event.pull_request.merged == true) diff --git a/Makefile b/Makefile index c14d0dc9f8..cf96d29bf8 100644 --- a/Makefile +++ b/Makefile @@ -65,9 +65,12 @@ test-txpool-race: test-race: $(GOTEST) --timeout 15m -race -shuffle=on $(TESTALL) + +gocovmerge-deps: + $(GOBUILD) -o $(GOBIN)/gocovmerge github.com/wadey/gocovmerge test-integration: - $(GOTEST) --timeout 60m -tags integration $(TESTE2E) + $(GOTEST) --timeout 60m -cover -coverprofile=cover.out -covermode=atomic -tags integration $(TESTE2E) escape: cd $(path) && go test -gcflags "-m -m" -run none -bench=BenchmarkJumpdest* -benchmem -memprofile mem.out From 1a81777184542b093673267f638eb5fc0d2d6ab1 Mon Sep 17 00:00:00 2001 
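Review bot: The `codecov` job now downloads every artifact with `actions/download-artifact@v2` and no `name:`/`path:`, which places the two reports at `unitTest-coverage/cover.out` and `integrationTest-coverage/cover.out`, yet the `file: ./cover.out` input was removed without a replacement, so the upload depends on `codecov-action@v3` auto-discovering both files. Make the inputs explicit so a missing report fails visibly: `files: ./unitTest-coverage/cover.out,./integrationTest-coverage/cover.out` and `fail_ci_if_error: true` under `with:`. The `needs: [unit-tests, integration-tests]` line is the right ordering fix, but the job keys it names are outside this hunk, so confirm they match.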
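Review bot: The new `gocovmerge-deps` target runs `$(GOBUILD) -o $(GOBIN)/gocovmerge github.com/wadey/gocovmerge`, but nothing depends on it — `test-integration` does not list it as a prerequisite and the CI changes in this commit never invoke it — so the merged-coverage flow the commit message describes is not wired up. In module mode `go build` of a package absent from `go.mod` fails, and `go.mod` is not in this commit's diffstat, so the target only works if the module is already a dependency (confirm); otherwise `go install github.com/wadey/gocovmerge@<version>` (placeholder) is the form that does not touch the module graph. Either wire the target into the coverage flow or drop it rather than leave a dead rule. The `-covermode=atomic` on `test-integration` is the right choice if `-race` is ever combined with it.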
From: marcello33 Date: Mon, 16 Oct 2023 09:28:53 +0200 Subject: [PATCH 4/4] Add CodeQL (#1037) * dev: add: codeQL * dev: chg: solve codeQL high vulns * dev: chg: remove js scan after dismissing relative issues * dev: chg: fix size allocation checks * dev: chg: fix size allocation checks * dev: chg: use math.MaxUint8 for incorrect coversion for integer * dev: chg: revert on one check / return error on trezorExchange func * dev: chg: remove checks on logger as not harmful * dev: chg: bump govuln action go versions * dev: chg: name of CI for govuln * dev: chg: bump x/net to 0.17 as per PR-1038 * dev: chg: remove snyk files --- .github/workflows/codeql.yml | 41 +++++++++++++++++++ .../workflows/{security-ci.yml => govuln.yml} | 6 +-- .snyk | 41 ------------------- accounts/usbwallet/trezor.go | 9 +++- go.mod | 8 ++-- go.sum | 13 +++--- p2p/enode/localnode.go | 8 +++- 7 files changed, 70 insertions(+), 56 deletions(-) create mode 100644 .github/workflows/codeql.yml rename .github/workflows/{security-ci.yml => govuln.yml} (84%) delete mode 100644 .snyk diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..dd40670c8d --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,41 @@ +name: "CodeQL" + +on: + push: + branches: [ "master", "develop" ] + pull_request: + branches: [ "master", "develop" ] + schedule: + - cron: '0 0 * * *' + +jobs: + analyze: + name: Analyze + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'go' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/security-ci.yml b/.github/workflows/govuln.yml similarity index 84% rename from .github/workflows/security-ci.yml rename to .github/workflows/govuln.yml index 540fd9a250..3f508015c7 100644 --- a/.github/workflows/security-ci.yml +++ b/.github/workflows/govuln.yml @@ -1,4 +1,4 @@ -name: Security CI +name: Govuln on: [ push, pull_request ] jobs: @@ -8,12 +8,12 @@ jobs: steps: - uses: actions/checkout@v3 - name: Running govulncheck - uses: Templum/govulncheck-action@v0.10.1 + uses: Templum/govulncheck-action@v1.0.0 continue-on-error: true env: DEBUG: "true" with: - go-version: 1.20.5 + go-version: 1.21 package: ./... github-token: ${{ secrets.GITHUB_TOKEN }} fail-on-vuln: true diff --git a/.snyk b/.snyk deleted file mode 100644 index 285024f5bb..0000000000 --- a/.snyk +++ /dev/null 
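Review bot: The `runs-on` and `timeout-minutes` expressions branch on `matrix.language == 'swift'`, but the matrix is `[ 'go' ]`, so both conditionals are dead and the job reads as if Swift were scanned; `runs-on: ubuntu-latest` and `timeout-minutes: 360` express the same thing. The job-level `permissions` block is scoped to what SARIF upload needs, which is good. Both `github/codeql-action/*@v2` and `actions/checkout@v3` are pinned to moving major tags; for a workflow holding `security-events: write`, a commit-SHA pin with a version comment, `uses: github/codeql-action/init@<commit-sha> # vX.Y.Z` (placeholders), is the safer form.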
@@ -1,41 +0,0 @@ -# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.25.0 -# ignores vulnerabilities until expiry date; change duration by modifying expiry date -ignore: - 'snyk:lic:golang:github.com:karalabe:usb:LGPL-3.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:06:37.028Z - 'snyk:lic:golang:github.com:mitchellh:cli:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:07:42.661Z - 'snyk:lic:golang:github.com:hashicorp:hcl:v2:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:08.112Z - 'snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:14.673Z - 'snyk:lic:golang:github.com:hashicorp:go-bexpr:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:21.843Z - 'snyk:lic:golang:github.com:hashicorp:errwrap:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:28.257Z - 'snyk:lic:golang:github.com:ethereum:go-ethereum:LGPL-3.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:35.273Z - 'snyk:lic:golang:github.com:maticnetwork:polyproto:GPL-3.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:41.635Z - 'SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322': - - '*': - reason: 'grpc working on a release to fix the issue' - created: 2022-12-12T06:50:00.000Z -patch: {} diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go index 0201048ebd..5acdff3c97 100644 --- a/accounts/usbwallet/trezor.go +++ b/accounts/usbwallet/trezor.go 
@@ -306,7 +306,14 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag
 return 0, err
 }
 
- payload := make([]byte, 8+len(data))
+ var payload []byte
+
+ if len(data) < 64*1024*1024 {
+ payload = make([]byte, 8+len(data))
+ } else {
+ return 0, errors.New("data too large")
+ }
+
 copy(payload, []byte{0x23, 0x23})
 binary.BigEndian.PutUint16(payload[2:], trezor.Type(req))
 binary.BigEndian.PutUint32(payload[4:], uint32(len(data)))
diff --git a/go.mod b/go.mod
index 8c818ad99d..f16c476c74 100644
--- a/go.mod
+++ b/go.mod
@@ -77,11 +77,11 @@ require (
 github.com/tendermint/tendermint v0.34.21
 github.com/tyler-smith/go-bip39 v1.1.0
 github.com/urfave/cli/v2 v2.17.2-0.20221006022127-8f469abc00aa
- golang.org/x/crypto v0.11.0
+ golang.org/x/crypto v0.14.0
 golang.org/x/exp v0.0.0-20230206171751-46f607a40771
 golang.org/x/sync v0.3.0
- golang.org/x/sys v0.12.0
- golang.org/x/text v0.11.0
+ golang.org/x/sys v0.13.0
+ golang.org/x/text v0.13.0
 golang.org/x/time v0.3.0
 golang.org/x/tools v0.10.0
 gopkg.in/natefinch/lumberjack.v2 v2.0.0
@@ -159,7 +159,7 @@ require (
 go.opentelemetry.io/otel/sdk v1.19.0
 go.uber.org/goleak v1.2.1
 golang.org/x/mod v0.11.0 // indirect
- golang.org/x/net v0.12.0 // indirect
+ golang.org/x/net v0.17.0 // indirect
 gonum.org/v1/gonum v0.11.0
 google.golang.org/grpc v1.58.2
 google.golang.org/protobuf v1.31.0
diff --git a/go.sum b/go.sum
index dd93d074de..b466e1cf66 100644
--- a/go.sum
+++ b/go.sum
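Review bot: The new guard puts the happy path inside the `if` and the error in the `else`, and `64*1024*1024` is an unexplained magic number; since the wire header below stores the length as `uint32`, this cap is an allocation bound chosen to satisfy the scanner rather than a protocol limit, and a comment should say so. Invert it and drop the `var` declaration: `if len(data) >= 64<<20 { return 0, errors.New("trezor: payload too large") }` followed by `payload := make([]byte, 8+len(data))`, with the bound lifted to a named constant such as `maxTrezorPayload` that carries that comment. The other error strings in this file appear to use the `trezor:` prefix, which the new `"data too large"` message lacks. `trezorExchange` starts and ends outside the hunk.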
@@ -2239,8 +2239,9 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2400,8 +2401,9 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -2596,8 +2598,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2628,8 +2630,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
diff --git a/p2p/enode/localnode.go b/p2p/enode/localnode.go
index 675350907e..66a56ad4e9 100644
--- a/p2p/enode/localnode.go
+++ b/p2p/enode/localnode.go
@@ -19,6 +19,7 @@ package enode
 import (
 "crypto/ecdsa"
 "fmt"
+ "math"
 "net"
 "reflect"
 "strconv"
@@ -211,8 +212,11 @@ func (ln *LocalNode) SetFallbackUDP(port int) {
 ln.mu.Lock()
 defer ln.mu.Unlock()
 
- ln.endpoint4.fallbackUDP = uint16(port)
- ln.endpoint6.fallbackUDP = uint16(port)
+ if port > 0 && port <= math.MaxUint16 {
+ ln.endpoint4.fallbackUDP = uint16(port)
+ ln.endpoint6.fallbackUDP = uint16(port)
+ }
+
 ln.updateEndpoints()
 }
 
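Review bot: An out-of-range `port` is now dropped silently — the existing fallback values are kept, `ln.updateEndpoints()` still runs, and the caller gets no signal — where the old code truncated it; since `SetFallbackUDP` returns nothing, the behaviour has to be stated on the method. Add above the signature, which sits just outside the hunk: `// SetFallbackUDP sets the last-resort UDP port. Values outside 1..math.MaxUint16 are ignored and the previous fallback port is kept.` Note that 0 is rejected as well; if any caller used `SetFallbackUDP(0)` to clear the fallback port (not visible here — confirm), that path no longer does anything.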