Location
core/src/exchanges/polymarket/auth.ts:148
Code
const response = await axios.get(`${dataApiUrl}/profiles/${address}`, {
headers: { 'User-Agent': 'pmxt (https://github.com/pmxt-dev/pmxt)' }
});Risk
This is a standalone axios.get() call (not through the pre-configured BaseExchange.http instance) with no timeout set. It hits the Polymarket Data API to discover a user's proxy contract address during authentication. If data-api.polymarket.com hangs, Polymarket order placement and all authenticated operations will stall indefinitely at startup.
Affected Methods
PolymarketAuth.discoverProxy() — called during Polymarket exchange initialization for any credentialed user- All subsequent authenticated methods:
createOrder(), cancelOrder(), fetchMyTrades(), etc.
Suggested Fix
const response = await axios.get(`${dataApiUrl}/profiles/${address}`, {
headers: { 'User-Agent': 'pmxt (https://github.com/pmxt-dev/pmxt)' },
timeout: 15_000,
});
Found by automated missing timeout audit
Location
core/src/exchanges/polymarket/auth.ts:148Code
Risk
This is a standalone
axios.get()call (not through the pre-configuredBaseExchange.httpinstance) with no timeout set. It hits the Polymarket Data API to discover a user's proxy contract address during authentication. Ifdata-api.polymarket.comhangs, Polymarket order placement and all authenticated operations will stall indefinitely at startup.Affected Methods
PolymarketAuth.discoverProxy()— called during Polymarket exchange initialization for any credentialed usercreateOrder(),cancelOrder(),fetchMyTrades(), etc.Suggested Fix
Found by automated missing timeout audit