Description
After monotonicity was added to the UUIDv7 implementation, ( 5563381 ), it became susceptible to rollover. That's a risk for any UUIDv7 implementation with a seeded monotonic counter. But most implementations try to mitigate the risk so that it won't happen unless a huge number of UUIDs are requested. With this implementation, the worst case is that it may fail even if only two UUIDs are requested within one time slice. The probability of that happening is 2-80, which makes it more of a theoretical risk. It is important enough to the specification that it actually warns against this though, ( https://www.rfc-editor.org/rfc/rfc9562#section-6.2-7.2 ). To be pedantically correct, the implementation could follow the specification's advice to zero out the first bit of randomness in the seed. That way the counter always starts out very far from an overflow.
Note that the carry logic doesn't take advantage of every single bit of entropy. Because it checks each byte against 0xff, the highest valid counter value is 0xfefefefefefefefefefe instead of 0xffffffffffffffffffff.
That could be corrected by comparing each byte to
0x00 instead, so that the carry bit gets handled just like in regular arithmetic.