fix: potential fix for #30

src/Funnel.sol

@@ -214,13 +214,22 @@ contract Funnel is IFunnel, NativeMetaTransaction, MetaTxContext, Initializable
         RenewableAllowance memory a = rAllowance[_owner][_spender];
         uint256 baseAllowance = _baseToken.allowance(_owner, address(this));
         uint256 recovered = a.recoveryRate * uint64(block.timestamp - a.lastUpdated); // uint192 * uint64 = uint256
-        uint256 remainingAllowance = a.remaining + recovered; // uint256 + uint256 potential overflow
+        uint256 remainingAllowance = saturatingAdd(a.remaining, recovered); // uint256 + uint256 potential overflow
         uint256 currentAllowance = remainingAllowance > a.maxAmount
             ? a.maxAmount
             : remainingAllowance;
         return currentAllowance > baseAllowance ? baseAllowance : currentAllowance;
     }
 
+    // @dev returns the sum of two uint256 values, saturating at 2**256 - 1
+    function saturatingAdd(uint256 a, uint256 b) internal pure returns (uint256) {
+        unchecked {
+            uint256 c = a + b;
+            if (c < a) return type(uint256).max;
+            return c;
+        }
+    }
+
     /// @notice fetch approved max amount and recovery rate
     /// @return amount initial and maximum allowance given to spender
     /// @return recoveryRate recovery amount per second

test/Funnel.t.sol

@@ -143,6 +143,16 @@ contract FunnelTest is ERC5827TestSuite {
         assertEq(token.balanceOf(user3), type(uint256).max);
     }
 
+    function testRecoveryRateCasting() public {
+        vm.prank(user1);
+        funnel.approveRenewable(user2, type(uint256).max, type(uint256).max);
+
+        (uint256 initial, uint256 recoveryRate) = funnel.renewableAllowance(user1, user2);
+
+        assertEq(initial, type(uint256).max);
+        assertEq(recoveryRate, type(uint192).max);
+    }
+
     function testTransferFromAndCallRevertNonContract() public {
         vm.prank(user1);
         funnel.approveRenewable(user2, 1337, 1);