ROUND 2: Fix business logic vulnerabilities - fetch error handling, async operations safety

Co-authored-by: 0xrinegade <[email protected]>

Author: Copilot

src/utils/ccai.ts

@@ -8,26 +8,35 @@ export const getTokensData = async () => {
     }
   `;
 
-  return await fetch('https://api.cryptocurrencies.ai/graphql', {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      operationName: 'getDexTokensPrices',
-      query: getDexTokensPrices,
-    }),
-  })
-    .then((data) => data.json())
-    .then((data) => {
-      const map = new Map();
+  try {
+    const response = await fetch('https://api.cryptocurrencies.ai/graphql', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        operationName: 'getDexTokensPrices',
+        query: getDexTokensPrices,
+      }),
+    });
 
-      if (data && data.data && data.data.getDexTokensPrices) {
-        data.data.getDexTokensPrices.forEach((tokenData) => {
-          map.set(tokenData.symbol, tokenData.price);
-        });
-      }
+    if (!response.ok) {
+      throw new Error(`HTTP error! status: ${response.status}`);
+    }
 
-      return map;
-    });
+    const data = await response.json();
+    const map = new Map();
+
+    if (data && data.data && data.data.getDexTokensPrices) {
+      data.data.getDexTokensPrices.forEach((tokenData) => {
+        map.set(tokenData.symbol, tokenData.price);
+      });
+    }
+
+    return map;
+  } catch (error) {
+    // Return empty map on error to prevent app crashes
+    console.warn('Failed to fetch token prices:', error);
+    return new Map();
+  }
 };

src/utils/markets.ts

@@ -52,31 +52,35 @@ class PriceStore {
       }
       if (this.cache[marketName] === undefined) {
         let CORS_PROXY = "https://ancient-peak-37978.herokuapp.com/"
-        fetch(`${CORS_PROXY}https://serum-api.bonfida.com/orderbooks/${marketName}`).then(
-          (resp) => {
-            resp.json().then((resp) => {
-              if (!resp || !resp.data || !resp.data.asks || !resp.data.bids) {
-                resolve(null)
-                return
-              }
+        fetch(`${CORS_PROXY}https://serum-api.bonfida.com/orderbooks/${marketName}`)
+          .then((resp) => {
+            if (!resp.ok) {
+              throw new Error(`HTTP error! status: ${resp.status}`);
+            }
+            return resp.json();
+          })
+          .then((resp) => {
+            if (!resp || !resp.data || !resp.data.asks || !resp.data.bids) {
+              resolve(null)
+              return
+            }
 
-              if (resp.data.asks.length === 0 && resp.data.bids.length === 0) {
-                resolve(null);
-              } else if (resp.data.asks.length === 0) {
-                resolve(resp.data.bids[0].price);
-              } else if (resp.data.bids.length === 0) {
-                resolve(resp.data.asks[0].price);
-              } else {
-                const mid =
-                  (resp.data.asks[0].price + resp.data.bids[0].price) / 2.0;
-                this.cache[marketName] = mid;
-                resolve(this.cache[marketName]);
-              }
-            });
-          },
-        ).catch(e => {
-          resolve(null)
-        });
+            if (resp.data.asks.length === 0 && resp.data.bids.length === 0) {
+              resolve(null);
+            } else if (resp.data.asks.length === 0) {
+              resolve(resp.data.bids[0].price);
+            } else if (resp.data.bids.length === 0) {
+              resolve(resp.data.asks[0].price);
+            } else {
+              const mid =
+                (resp.data.asks[0].price + resp.data.bids[0].price) / 2.0;
+              this.cache[marketName] = mid;
+              resolve(this.cache[marketName]);
+            }
+          })
+          .catch(e => {
+            resolve(null)
+          });
       } else {
         return resolve(this.cache[marketName]);
       }