[non-null] myriad/websocket.ts: 4 unsafe Map.get()! assertions on resolver/rejecter maps

[realfishsam]

Risk Level

HIGH

File

core/src/exchanges/myriad/websocket.ts

Findings

• Line 45: this.orderBookResolvers.get(outcomeId)!.push(resolve);
• Line 46: this.orderBookRejecters.get(outcomeId)!.push(reject);
• Line 62: this.tradeResolvers.get(outcomeId)!.push(resolve);
• Line 63: this.tradeRejecters.get(outcomeId)!.push(reject);

All four assert that outcomeId is already in the respective map. If watchOrderBook or watchTrades is called for an outcomeId that was never registered (e.g., race condition, duplicate subscription path, or re-subscription after cleanup), every assertion on lines 45–46 or 62–63 throws.

What Happens When It's Wrong

TypeError: Cannot read properties of undefined (reading 'push') — both the resolver and rejecter for the pending promise are silently discarded. The caller's await watchOrderBook(...) hangs until the watch timeout fires.

Suggested Fix

Use the has + set guard pattern before each push:

if (!this.orderBookResolvers.has(outcomeId)) this.orderBookResolvers.set(outcomeId, []);
if (!this.orderBookRejecters.has(outcomeId)) this.orderBookRejecters.set(outcomeId, []);
this.orderBookResolvers.get(outcomeId)!.push(resolve);
this.orderBookRejecters.get(outcomeId)!.push(reject);

---

Found by automated non-null assertion audit