diff --git a/challenger/lnd_test.go b/challenger/lnd_test.go
index 34d4138..62897ea 100644
--- a/challenger/lnd_test.go
+++ b/challenger/lnd_test.go
@@ -56,10 +56,7 @@ func (m *mockInvoiceClient) ListInvoices(_ context.Context,
 		return &lnrpc.ListInvoiceResponse{}, nil
 	}
 
-	endIndex := r.IndexOffset + r.NumMaxInvoices
-	if endIndex > uint64(len(m.invoices)) {
-		endIndex = uint64(len(m.invoices))
-	}
+	endIndex := min(r.IndexOffset+r.NumMaxInvoices, uint64(len(m.invoices)))
 
 	return &lnrpc.ListInvoiceResponse{
 		Invoices:        m.invoices[r.IndexOffset:endIndex],
diff --git a/l402/satisfier.go b/l402/satisfier.go
index a6125be..9eb7759 100644
--- a/l402/satisfier.go
+++ b/l402/satisfier.go
@@ -2,6 +2,7 @@ package l402
 
 import (
 	"fmt"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -109,10 +110,8 @@ func NewCapabilitiesSatisfier(service string,
 		},
 		SatisfyFinal: func(c Caveat) error {
 			capabilities := strings.Split(c.Value, ",")
-			for _, capability := range capabilities {
-				if capability == targetCapability {
-					return nil
-				}
+			if slices.Contains(capabilities, targetCapability) {
+				return nil
 			}
 			return fmt.Errorf("target capability %v not authorized",
 				targetCapability)
diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go
index 48ab200..8b81263 100644
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@@ -10,6 +10,7 @@ import (
 	"net/http"
 	"os"
 	"path"
+	"slices"
 	"strings"
 	"testing"
 	"time"
@@ -576,13 +577,7 @@ func configFromCert(crt *tls.Certificate, certPool *x509.CertPool) *tls.Config {
 	tlsConf.RootCAs = certPool
 	tlsConf.InsecureSkipVerify = true
 
-	haveNPN := false
-	for _, p := range tlsConf.NextProtos {
-		if p == "h2" {
-			haveNPN = true
-			break
-		}
-	}
+	haveNPN := slices.Contains(tlsConf.NextProtos, "h2")
 	if !haveNPN {
 		tlsConf.NextProtos = append(tlsConf.NextProtos, "h2")
 	}