Risk Level
HIGH
File
core/src/exchanges/baozi/websocket.ts
Findings
- Line 88:
this.orderBookResolvers.get(marketPubkey)!.push({ resolve, reject }); — assumes marketPubkey is already registered in orderBookResolvers. If the key is absent (race condition, re-subscription after cleanup, or unexpected call order), .push() is called on undefined.
What Happens When It's Wrong
TypeError: Cannot read properties of undefined (reading 'push') — the pending watchOrderBook promise leaks; the caller hangs until the watch timeout fires with no indication of what went wrong.
Suggested Fix
if (!this.orderBookResolvers.has(marketPubkey)) this.orderBookResolvers.set(marketPubkey, []);
this.orderBookResolvers.get(marketPubkey)!.push({ resolve, reject });
Found by automated non-null assertion audit
Risk Level
HIGH
File
core/src/exchanges/baozi/websocket.tsFindings
this.orderBookResolvers.get(marketPubkey)!.push({ resolve, reject });— assumesmarketPubkeyis already registered inorderBookResolvers. If the key is absent (race condition, re-subscription after cleanup, or unexpected call order),.push()is called onundefined.What Happens When It's Wrong
TypeError: Cannot read properties of undefined (reading 'push')— the pendingwatchOrderBookpromise leaks; the caller hangs until the watch timeout fires with no indication of what went wrong.Suggested Fix
Found by automated non-null assertion audit