fix: Possible ignored overflow in _lock

src/abstract/CSBondLock.sol

@@ -105,16 +105,14 @@ abstract contract CSBondLock is ICSBondLock, Initializable {
         if (amount == 0) {
             revert InvalidBondLockAmount();
         }
-        unchecked {
-            if ($.bondLock[nodeOperatorId].retentionUntil > block.timestamp) {
-                amount += $.bondLock[nodeOperatorId].amount;
-            }
-            _changeBondLock({
-                nodeOperatorId: nodeOperatorId,
-                amount: amount,
-                retentionUntil: block.timestamp + $.bondLockRetentionPeriod
-            });
+        if ($.bondLock[nodeOperatorId].retentionUntil > block.timestamp) {
+            amount += $.bondLock[nodeOperatorId].amount;
         }
+        _changeBondLock({
+            nodeOperatorId: nodeOperatorId,
+            amount: amount,
+            retentionUntil: block.timestamp + $.bondLockRetentionPeriod
+        });
     }
 
     /// @dev Reduce locked bond amount for the given Node Operator without changing retention period

test/CSAccounting.t.sol

@@ -3630,6 +3630,18 @@ contract CSAccountingLockBondETHTest is CSAccountingBaseTest {
         accounting.lockBondETH(0, 1 ether);
     }
 
+    function test_lockBondETH_RevertWhen_LockOverflow() public {
+        mock_getNodeOperatorsCount(1);
+
+        vm.prank(address(stakingModule));
+        accounting.lockBondETH(0, 1 ether);
+        assertEq(accounting.getActualLockedBond(0), 1 ether);
+
+        vm.expectRevert();
+        vm.prank(address(stakingModule));
+        accounting.lockBondETH(0, type(uint256).max);
+    }
+
     function test_releaseLockedBondETH() public assertInvariants {
         mock_getNodeOperatorsCount(1);