Risk Level
MEDIUM
File
core/src/exchanges/limitless/client.ts
Findings
- Line 311:
return await this.orderClient!.cancel(orderId);
- Line 318:
return await this.orderClient!.cancelAll(marketSlug);
- Line 388:
const balance = await contract.balanceOf(this.signer!.address);
orderClient is initialized lazily (only when trading credentials are present); signer is set during wallet setup. Both are optional at construction time. Calling cancel, cancelAll, or getBalance on a read-only client instance (no private key provided) triggers the assertions.
What Happens When It's Wrong
TypeError: Cannot read properties of undefined (reading 'cancel'/'cancelAll'/'address') — the operation fails with a generic error instead of a helpful "trading credentials not configured" message.
Suggested Fix
Guard each use site explicitly:
if (!this.orderClient) throw new Error('[limitless] Order client not initialized — trading credentials required');
return await this.orderClient.cancel(orderId);if (!this.signer) throw new Error('[limitless] Signer not initialized — wallet private key required');
const balance = await contract.balanceOf(this.signer.address);
Found by automated non-null assertion audit
Risk Level
MEDIUM
File
core/src/exchanges/limitless/client.tsFindings
return await this.orderClient!.cancel(orderId);return await this.orderClient!.cancelAll(marketSlug);const balance = await contract.balanceOf(this.signer!.address);orderClientis initialized lazily (only when trading credentials are present);signeris set during wallet setup. Both are optional at construction time. Callingcancel,cancelAll, orgetBalanceon a read-only client instance (no private key provided) triggers the assertions.What Happens When It's Wrong
TypeError: Cannot read properties of undefined (reading 'cancel'/'cancelAll'/'address')— the operation fails with a generic error instead of a helpful "trading credentials not configured" message.Suggested Fix
Guard each use site explicitly:
Found by automated non-null assertion audit