Location
core/src/exchanges/kalshi/websocket.ts:73
Code
this.connectionPromise = new Promise((resolve, reject) => {
try {
const url = new URL(this.wsUrl);
const path = url.pathname;
const headers = this.auth.getHeaders("GET", path);
this.ws = new WebSocket(this.wsUrl, { headers });
this.ws.on("open", () => {
this.isConnected = true;
// ...
resolve();
});Risk
The connectionPromise has no timeout guard. If the Kalshi WebSocket endpoint (wss://) does not emit an open event (e.g., TCP connection hangs, firewall silently drops SYN), the promise never resolves or rejects. Any caller awaiting connect() — and all order book subscriptions — stall indefinitely.
Affected Methods
KalshiWebSocket.connect() — called before any order book subscriptionsubscribeToOrderbook(), unsubscribeFromOrderbook()
Suggested Fix
const timeout = setTimeout(() => {
ws.terminate();
reject(new Error('Kalshi WebSocket connection timeout'));
}, 15_000);
this.ws.on('open', () => {
clearTimeout(timeout);
resolve();
});
this.ws.on('error', (err) => {
clearTimeout(timeout);
reject(err);
});
Found by automated missing timeout audit
Location
core/src/exchanges/kalshi/websocket.ts:73Code
Risk
The
connectionPromisehas no timeout guard. If the Kalshi WebSocket endpoint (wss://) does not emit anopenevent (e.g., TCP connection hangs, firewall silently drops SYN), the promise never resolves or rejects. Any caller awaitingconnect()— and all order book subscriptions — stall indefinitely.Affected Methods
KalshiWebSocket.connect()— called before any order book subscriptionsubscribeToOrderbook(),unsubscribeFromOrderbook()Suggested Fix
Found by automated missing timeout audit