[type-any] subscriber/external/goldsky.ts: 8 unsafe any types

[realfishsam]

Risk Level

MEDIUM

File

core/src/subscriber/external/goldsky.ts

Findings

• Line 20: variables?: Record<string, any> — GraphQL variables object typed as Record<string, any>; specific variable shapes per query are invisible to the type system
• Line 134: const trades: any[] = [] — trade accumulator untyped
• Line 135: makerData?.orderFilledEvents as any[], takerData?.orderFilledEvents as any[] — GraphQL response fields cast to any[]
• Line 185: (data as any)?.orderFilledEvents — response field accessed via as any
• Line 189: filled.map((f: any): Trade => { — filled events map element untyped
• Line 244: (data as any)?.transfers — transfers field accessed via as any
• Line 359: await res.json() as any — raw HTTP response immediately cast to any
• Line 365: catch (err: any) — catch clause not narrowed

Impact

• The variables?: Record<string, any> GraphQL query interface makes it impossible to type-check query variables against their expected schema
• res.json() as any immediately discards the response type — defining a typed response interface would catch field renames in the Goldsky API at compile time
• (data as any)?.orderFilledEvents and (data as any)?.transfers indicate the GraphQL response types are not modeled, so renamed fields would silently return undefined

Suggested Fix

• Define GoldskyOrderFilledEvent and GoldskyTransfer interfaces matching the subgraph schema
• Define typed query variable interfaces per GraphQL operation (e.g. TradeQueryVariables, TransferQueryVariables)
• Use await res.json() as GoldskyResponse with a proper response interface rather than as any
• Use catch (err: unknown) and narrow before access

---

Found by automated any type audit