fix: add 10-second timeout to oracle resolvePrice RPC call

[0x-SquidSol]

Summary

• resolvePrice() had no timeout configured, allowing indefinite hangs if the external Solana RPC or oracle API became unresponsive
• This could accumulate blocked connections and exhaust server resources
• Fix: Added AbortSignal.timeout(10_000) using the SDK's native abort signal support, which properly cancels the underlying RPC request on timeout

Files Changed

• src/routes/oracle-router.ts — Added abort signal timeout to resolvePrice call (1 line change)

Test plan

• All 189 existing tests pass
• TypeScript compiles clean (tsc --noEmit)
• Verified SDK signature accepts AbortSignal as second parameter
• Verified existing catch block handles abort errors

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Price resolution requests now enforce a 10-second timeout with proper error handling, ensuring faster failure responses.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3de27a29-4d11-438f-8d17-085f47dc1883

📥 Commits

Reviewing files that changed from the base of the PR and between e9c72c9 and 5c147d4.

📒 Files selected for processing (1)

• src/routes/oracle-router.ts

---

📝 Walkthrough

Walkthrough

A 10-second timeout constraint is added to the resolvePrice call in the oracle router using AbortSignal.timeout(10_000). The change is minimal with no modifications to public interfaces, cache logic, or error handling structures.

Changes

Cohort / File(s)	Summary
Timeout Configuration src/routes/oracle-router.ts	Added 10-second timeout parameter to resolvePrice call; timeout-triggered aborts surface through existing error handler.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A whisker's flick, ten seconds pass,
The oracle now answers fast!
No dawdling queries, no endless wait—
Quick timeout keeps the service great! ⏱️✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: adding a 10-second timeout to the oracle resolvePrice RPC call.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dcccrypto]

Sentinel security review — MERGE

Oracle resolvePrice() with no timeout is a DoS vector: a hung RPC node would accumulate blocked connections and exhaust server resources. The 10-second AbortSignal.timeout() is appropriate for oracle price resolution — long enough for slow but healthy RPC, short enough to fail fast on outages. The existing catch block handles abort errors so no unhandled rejection risk.

No blocking findings. Security APPROVED.