fix: lower sei-cosmos pagination query MaxLimit to 10,000

[amir-deris]

Summary

• Lowers MaxLimit in sei-cosmos/types/query/pagination.go from math.MaxUint64 to 10_000 to cap the number of items a paginated RPC query can request in a single call, preventing unbounded scans that can degrade node performance.
• Updates internal callers in x/bank (ExportGenesis, TotalSupply invariant) that legitimately need to iterate all supply entries to pass math.MaxUint64 directly, preserving their existing behavior.

Test plan

• Confirm paginated RPC queries with a limit above 10,000 are rejected or clamped
• Confirm ExportGenesis and TotalSupply invariant still work correctly on a node with many token denominations

[cursor]

PR Summary

Medium Risk
Medium risk because it changes public query behavior by rejecting large limit values, which can break existing clients that request very high limits. Bank genesis export and invariants are adjusted to avoid the new cap, reducing runtime risk there.

Overview
Capped query pagination by lowering query.MaxLimit to 10_000 and adding a guard in query.Paginate that returns InvalidArgument when a request exceeds the cap.

Updated bank module callers (ExportGenesis and TotalSupply invariant) to compute total supply via IterateTotalSupply rather than GetPaginatedTotalSupply with an effectively-unbounded limit, avoiding failures under the new pagination restriction.

^{Reviewed by Cursor Bugbot for commit d5241fa. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	May 21, 2026, 11:28 PM

[cursor]

Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit da36bbb. Configure here.}

[cursor]

Test still uses reduced MaxLimit constant

Medium Severity

Reducing query.MaxLimit from math.MaxUint64 to uint64(10_000) affects genesis_test.go line 123, which still uses query.MaxLimit to fetch all supply entries. The production code in genesis.go and invariants.go was correctly updated to use math.MaxUint64 directly, but the test was missed. If test data ever exceeds 10,000 denominations, the test would silently return truncated results and could produce false-passing assertions.

Additional Locations (1)

• sei-cosmos/x/bank/keeper/genesis.go#L63-L64

 

^{Reviewed by Cursor Bugbot for commit da36bbb. Configure here.}

[codecov]

Codecov Report

❌ Patch coverage is 63.15789% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.08%. Comparing base (ef425cc) to head (d5241fa).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
sei-cosmos/x/bank/keeper/invariants.go	0.00%	5 Missing ⚠️
sei-cosmos/types/query/pagination.go	77.77%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3494   +/-   ##
=======================================
  Coverage   59.08%   59.08%           
=======================================
  Files        2187     2187           
  Lines      182237   182249   +12     
=======================================
+ Hits       107679   107689   +10     
- Misses      64911    64914    +3     
+ Partials     9647     9646    -1     

Flag	Coverage Δ
sei-chain-pr	77.56% <63.15%> (?)
sei-db	70.41% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
sei-cosmos/x/bank/keeper/genesis.go	81.63% <100.00%> (+5.03%)	⬆️
sei-cosmos/types/query/pagination.go	82.95% <77.77%> (-0.59%)	⬇️
sei-cosmos/x/bank/keeper/invariants.go	47.36% <0.00%> (-3.99%)	⬇️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.