diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index 3c1ae0a0..3aa4f9d7 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -1123,8 +1123,12 @@ async fn save_attachment(
 // the client. Upstream allows +/- 1 MiB deviation from this
 // size, but it's not clear when or why this is needed.
 const LEEWAY: i64 = 1024 * 1024; // 1 MiB
- let min_size = attachment.file_size - LEEWAY;
- let max_size = attachment.file_size + LEEWAY;
+ let Some(min_size) = attachment.file_size.checked_add(LEEWAY) else {
+ err!("Invalid attachment size min")
+ };
+ let Some(max_size) = attachment.file_size.checked_sub(LEEWAY) else {
+ err!("Invalid attachment size max")
+ };
 if min_size <= size && size <= max_size {
 if size != attachment.file_size {
diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs
index 7588bbe7..1bc6d00f 100644
--- a/src/api/core/sends.rs
+++ b/src/api/core/sends.rs
@@ -229,9 +229,10 @@ async fn post_send_file(data: Form>, headers: Headers, mut conn:
 let size_limit = match CONFIG.user_send_limit() {
 Some(0) => err!("File uploads are disabled"),
 Some(limit_kb) => {
- let already_used = Send::size_by_user(&headers.user.uuid, &mut conn).await;
- let left = limit_kb.checked_mul(1024).and_then(|l| l.checked_sub(already_used));
- let Some(left) = left else {
+ let Some(already_used) = Send::size_by_user(&headers.user.uuid, &mut conn).await else {
+ err!("Existing sends overflow")
+ };
+ let Some(left) = limit_kb.checked_mul(1024).and_then(|l| l.checked_sub(already_used)) else {
 err!("Send size overflow");
 };
 if left <= 0 {
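Review bot: The two bounds in the `save_attachment` hunk are swapped: `min_size` is now built with `checked_add(LEEWAY)` and `max_size` with `checked_sub(LEEWAY)`, so `min_size` sits 2 MiB above `max_size` and `min_size <= size && size <= max_size` can never be true. Every upload would then take whatever path follows that `if`, which is outside the hunk, so an attachment whose size matches the declared `file_size` is no longer accepted by this check. The operations should be the other way round: `let Some(min_size) = attachment.file_size.checked_sub(LEEWAY) else {` and `let Some(max_size) = attachment.file_size.checked_add(LEEWAY) else {`. A regression test that uploads with `size == attachment.file_size` would catch this; `save_attachment` starts and ends outside the hunk.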
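Review bot: Nothing at the new `let Some(already_used) = … else` in `post_send_file` says what a `None` from `Send::size_by_user` means or why the upload is refused, and the same lines in the `post_send_file_v2` hunk at -306 have the same gap. A comment above the binding in both places would record the intent, for example `// None means the stored send sizes overflowed i64; refuse the upload instead of guessing the usage.` The new `err!("Existing sends overflow")` is also written without a trailing semicolon while the neighbouring `err!("Send size overflow");` has one, so one form should be used for both. Both handler bodies continue outside their hunks.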
@@ -306,9 +307,10 @@ async fn post_send_file_v2(data: JsonUpcase, headers: Headers, mut con
 let size_limit = match CONFIG.user_send_limit() {
 Some(0) => err!("File uploads are disabled"),
 Some(limit_kb) => {
- let already_used = Send::size_by_user(&headers.user.uuid, &mut conn).await;
- let left = limit_kb.checked_mul(1024).and_then(|l| l.checked_sub(already_used));
- let Some(left) = left else {
+ let Some(already_used) = Send::size_by_user(&headers.user.uuid, &mut conn).await else {
+ err!("Existing sends overflow")
+ };
+ let Some(left) = limit_kb.checked_mul(1024).and_then(|l| l.checked_sub(already_used)) else {
 err!("Send size overflow");
 };
 if left <= 0 {
diff --git a/src/db/models/send.rs b/src/db/models/send.rs
index ff7d9541..7cfeb478 100644
--- a/src/db/models/send.rs
+++ b/src/db/models/send.rs
@@ -287,7 +287,7 @@ impl Send {
 }}
 }
- pub async fn size_by_user(user_uuid: &str, conn: &mut DbConn) -> i64 {
+ pub async fn size_by_user(user_uuid: &str, conn: &mut DbConn) -> Option {
 let sends = Self::find_by_user(user_uuid, conn).await;
 #[allow(non_snake_case)]
@@ -309,12 +309,12 @@ impl Send {
 };
 if let Ok(size) = size {
- total = total.saturating_add(size);
+ total = total.checked_add(size)?;
 };
 }
 }
- total
+ Some(total)
 }
 pub async fn find_by_org(org_uuid: &str, conn: &mut DbConn) -> Vec {
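Review bot: The changed signature of `size_by_user` carries no doc comment, so a caller cannot tell from the declaration that `None` stands for an overflowed sum and not for "no sends". A line such as `/// Total size of the user's sends, or None when the sum overflows i64.` above the function would state the contract that both upload handlers now depend on. The body of `size_by_user` continues outside this hunk.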
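Review bot: A size that fails to parse is still skipped silently by `if let Ok(size) = size`, so that send adds nothing to `total`, while an overflow now returns `None` and blocks the upload; the two failure modes are handled in opposite directions for a quota check. If every send reaching this point is expected to carry a size, `let Ok(size) = size else { return None };` would make unreadable sizes fail closed as well; if the skip is deliberate, a comment should say so. The sum also appears to be signed (the old return type was `i64`), so a stored negative size would lower the total, though whether such a value can be stored is not visible here. The loop and the code that produces `size` lie outside the hunk.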