Risk Level
MEDIUM
Location
core/src/feeds/chainlink/chainlink-feed.ts:163–170
Code
protected watchTickerImpl(symbol: string, callback: (ticker: Ticker) => void): () => void {
const sub: Subscription = { symbol: symbol.toUpperCase(), callback };
this.subscriptions = [...this.subscriptions, sub];
this.ensureConnected(); // <-- Promise<void> silently discarded
return () => {
this.subscriptions = this.subscriptions.filter((s) => s !== sub);
};
}What Happens on Failure
Identical pattern to BinanceFeed.watchTickerImpl (companion issue). this.ensureConnected() is async and can reject if the WebSocket handshake fails; the returned Promise is discarded with no .catch(). The subscription appears registered, but if the initial connect attempt failed, the Chainlink oracle price feed never delivers updates and no error is surfaced to the caller.
For price-feed consumers that drive orderbook bids or execution decisions based on oracle prices, a silently dead ChainlinkFeed means stale or missing reference data with zero diagnostic output.
Suggested Fix
this.ensureConnected().catch((err: unknown) => {
console.error('[ChainlinkFeed] initial connect failed in watchTickerImpl:', err instanceof Error ? err.message : String(err));
});
Found by automated unhandled async audit
Risk Level
MEDIUM
Location
core/src/feeds/chainlink/chainlink-feed.ts:163–170Code
What Happens on Failure
Identical pattern to
BinanceFeed.watchTickerImpl(companion issue).this.ensureConnected()isasyncand can reject if the WebSocket handshake fails; the returned Promise is discarded with no.catch(). The subscription appears registered, but if the initial connect attempt failed, the Chainlink oracle price feed never delivers updates and no error is surfaced to the caller.For price-feed consumers that drive orderbook bids or execution decisions based on oracle prices, a silently dead
ChainlinkFeedmeans stale or missing reference data with zero diagnostic output.Suggested Fix
Found by automated unhandled async audit