fix(L5): truncate token name/symbol from RPC responses

Limits token name to 64 chars and symbol to 12 chars to prevent
storage of excessively long values from malicious contracts.

src/shared/balances.js

@@ -192,6 +192,10 @@ async function lookupTokenInfo(contractAddress, rpcUrl) {
         name = symbol;
     }
 
+    // Truncate to prevent storage of excessively long values from RPC
+    name = String(name).slice(0, 64);
+    symbol = String(symbol).slice(0, 12);
+
     log.infof("Token resolved:", symbol, "decimals", Number(decimals));
     return { name, symbol, decimals: Number(decimals) };
 }