Where
examples/widget/src/components/OrderForm.tsx (slippage send + validation):
|
slippageBps: parseInt(slippageBps), |
Problem
slippageBps is sent straight through with no validation or clamping:
slippageBps: parseInt(slippageBps),
- The
isValid memo checks sellToken, buyToken, sellAmount, triggerPrice, interval and maxExecutions, but never slippageBps.
- The input has
max="2000", but the HTML max attribute does not prevent typing or pasting larger values, so a value above 2000 is submitted as-is.
- If the field is cleared,
parseInt("") is NaN, which JSON.stringify serializes to null, so the request sends "slippageBps": null.
MAX_SLIPPAGE_BPS (2000) is defined in constants.ts but never used.
Suggested fix
Validate and clamp before building the request:
const bps = Number.parseInt(slippageBps, 10);
if (!Number.isFinite(bps) || bps < 0 || bps > MAX_SLIPPAGE_BPS) {
// block submit or show an error
}
// otherwise:
slippageBps: Math.min(MAX_SLIPPAGE_BPS, Math.max(0, bps)),
Where
examples/widget/src/components/OrderForm.tsx(slippage send + validation):trading-engine-api-example/examples/widget/src/components/OrderForm.tsx
Line 315 in 3dcbc58
Problem
slippageBpsis sent straight through with no validation or clamping:isValidmemo checks sellToken, buyToken, sellAmount, triggerPrice, interval and maxExecutions, but neverslippageBps.max="2000", but the HTMLmaxattribute does not prevent typing or pasting larger values, so a value above 2000 is submitted as-is.parseInt("")isNaN, whichJSON.stringifyserializes tonull, so the request sends"slippageBps": null.MAX_SLIPPAGE_BPS(2000) is defined inconstants.tsbut never used.Suggested fix
Validate and clamp before building the request: