python/coinbase-agentkit/coinbase_agentkit/action_providers/pyth/pyth_action_provider.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -46,7 +46,7 @@ def fetch_price_feed_id(self, args: dict[str, Any]) -> str: @@
             """
             token_symbol = args["token_symbol"]
             url = f"https://hermes.pyth.network/v2/price_feeds?query={token_symbol}&asset_type=crypto"
-            response = requests.get(url)
+            response = requests.get(url, timeout=10)
             response.raise_for_status()
             data = response.json()
@@ Expand Down Expand Up / @@ -86,7 +86,7 @@ def fetch_price(self, args: dict[str, Any]) -> str: @@
             try:
                 price_feed_id = args["price_feed_id"]
                 url = f"https://hermes.pyth.network/v2/updates/price/latest?ids[]={price_feed_id}"
-                response = requests.get(url)
+                response = requests.get(url, timeout=10)
                 response.raise_for_status()
                 data = response.json()
                 parsed_data = data["parsed"]
@@ Expand Down @@

python/coinbase-agentkit/coinbase_agentkit/analytics/send_analytics_event.py

-Original file line number
+Diff line change
@@ Expand Up / @@ -51,7 +51,10 @@ def send_analytics_event(event: RequiredEventData) -> None: @@
         stringified_event_data = json.dumps(events)
         upload_time = str(timestamp)
-        checksum = hashlib.md5((stringified_event_data + upload_time).encode("utf-8")).hexdigest()
+        # Use a non-cryptographic checksum compatible with the analytics backend without
+        # exposing weak crypto primitives for integrity; md5 is insecure and should
+        # not be used for security-sensitive operations.
+        checksum = hashlib.sha256((stringified_event_data + upload_time).encode("utf-8")).hexdigest()
         analytics_service_data = {
             "e": stringified_event_data,
@@ Expand All / @@ -66,5 +69,6 @@ def send_analytics_event(event: RequiredEventData) -> None: @@
             event_endpoint,
             json=analytics_service_data,
             headers={"Content-Type": "application/json"},
+            timeout=10,
         )
         response.raise_for_status()

python/create-onchain-agent/create_onchain_agent/cli.py

-Original file line number
+Diff line change
@@ Expand Up @@
             return str(extract_path)
         # Download the zip file
-        response = requests.get(GITHUB_ZIP_URL)
+        response = requests.get(GITHUB_ZIP_URL, timeout=20)
         response.raise_for_status()
         with open(zip_path, "wb") as f:
@@ Expand Down @@

typescript/agentkit/src/action-providers/opensea/openseaActionProvider.ts

-Original file line number
+Diff line change
@@ Expand Up @@
         this.apiKey = apiKey;
         const chainId = NETWORK_ID_TO_CHAIN_ID[config.networkId || "base-sepolia"];
-        const provider = ethers.getDefaultProvider(parseInt(chainId));
+        // Ensure a default provider is created with an explicit network definition.
+        // Passing an ID as a number without a network can resolve incorrectly in some ethers versions.
+        const provider = ethers.getDefaultProvider(Number.parseInt(chainId, 10));
         const walletWithProvider = new Wallet(config.privateKey!, provider);
         this.walletWithProvider = walletWithProvider;
@@ Expand Down @@

typescript/agentkit/src/action-providers/wow/utils.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -45,7 +45,8 @@ export async function getBuyQuote( @@
               address: tokenAddress as `0x${string}`,
               abi: WOW_ABI,
               functionName: "getEthBuyQuote",
-              args: [amountEthInWei],
+              // Ensure the argument is passed as a bigint to match on-chain units
+              args: [BigInt(amountEthInWei)],
             })
       ) as string | number;
@@ Expand Down Expand Up / @@ -74,7 +75,8 @@ export async function getSellQuote( @@
               address: tokenAddress as `0x${string}`,
               abi: WOW_ABI,
               functionName: "getTokenSellQuote",
-              args: [amountTokensInWei],
+              // Ensure the argument is passed as a bigint to match on-chain units
+              args: [BigInt(amountTokensInWei)],
             })
       ) as string | number;
@@ Expand Down @@

typescript/agentkit/src/utils.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -60,5 +60,12 @@ export async function approve( @@
      * @returns The adjusted gas estimate as a bigint.
      */
     export function applyGasMultiplier(gas: bigint, multiplier: number): bigint {
-      return BigInt(Math.round(Number(gas) * multiplier));
+      if (!Number.isFinite(multiplier) || multiplier <= 0) return gas;
+      if (multiplier === 1) return gas;
+      // Perform bigint-safe scaling with fixed precision to avoid Number(gas) loss
+      const SCALE = 1000n; // three decimal places of precision
+      const scaledMultiplier = BigInt(Math.round(multiplier * Number(SCALE)));
+      // Round half-up by adding half the divisor before integer division
+      return (gas * scaledMultiplier + SCALE / 2n) / SCALE;
     }

typescript/create-onchain-agent/src/utils.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -267,7 +267,9 @@ export async function handleNextSelection( @@
           .filter(Boolean)
           .join("\n"),
       ];
-      await fs.writeFile(envPath, envLines);
+      // Persist the environment file as a single string. Passing an array would
+      // coerce to a comma-joined string implicitly, corrupting the .env format.
+      await fs.writeFile(envPath, envLines.join("\n"));
       // Promose selected routes to
       const promoteRoute = async (toPromose: string, type: string, to: string) => {
@@ Expand Down @@

Fix three code bugs #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft

conjon611 wants to merge 1 commit into main from cursor/fix-three-code-bugs-c8ec

-Original file line number
+Diff line change
@@ Expand Up / @@ -46,7 +46,7 @@ def fetch_price_feed_id(self, args: dict[str, Any]) -> str: @@
             """
             token_symbol = args["token_symbol"]
             url = f"https://hermes.pyth.network/v2/price_feeds?query={token_symbol}&asset_type=crypto"
-            response = requests.get(url)
+            response = requests.get(url, timeout=10)
             response.raise_for_status()
             data = response.json()
@@ Expand Down Expand Up / @@ -86,7 +86,7 @@ def fetch_price(self, args: dict[str, Any]) -> str: @@
             try:
                 price_feed_id = args["price_feed_id"]
                 url = f"https://hermes.pyth.network/v2/updates/price/latest?ids[]={price_feed_id}"
-                response = requests.get(url)
+                response = requests.get(url, timeout=10)
                 response.raise_for_status()
                 data = response.json()
                 parsed_data = data["parsed"]
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -51,7 +51,10 @@ def send_analytics_event(event: RequiredEventData) -> None: @@
         stringified_event_data = json.dumps(events)
         upload_time = str(timestamp)
-        checksum = hashlib.md5((stringified_event_data + upload_time).encode("utf-8")).hexdigest()
+        # Use a non-cryptographic checksum compatible with the analytics backend without
+        # exposing weak crypto primitives for integrity; md5 is insecure and should
+        # not be used for security-sensitive operations.
+        checksum = hashlib.sha256((stringified_event_data + upload_time).encode("utf-8")).hexdigest()
         analytics_service_data = {
             "e": stringified_event_data,
@@ Expand All / @@ -66,5 +69,6 @@ def send_analytics_event(event: RequiredEventData) -> None: @@
             event_endpoint,
             json=analytics_service_data,
             headers={"Content-Type": "application/json"},
+            timeout=10,
         )
         response.raise_for_status()

-Original file line number
+Diff line change
@@ Expand Up @@
             return str(extract_path)
         # Download the zip file
-        response = requests.get(GITHUB_ZIP_URL)
+        response = requests.get(GITHUB_ZIP_URL, timeout=20)
         response.raise_for_status()
         with open(zip_path, "wb") as f:
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up @@
         this.apiKey = apiKey;
         const chainId = NETWORK_ID_TO_CHAIN_ID[config.networkId || "base-sepolia"];
-        const provider = ethers.getDefaultProvider(parseInt(chainId));
+        // Ensure a default provider is created with an explicit network definition.
+        // Passing an ID as a number without a network can resolve incorrectly in some ethers versions.
+        const provider = ethers.getDefaultProvider(Number.parseInt(chainId, 10));
         const walletWithProvider = new Wallet(config.privateKey!, provider);
         this.walletWithProvider = walletWithProvider;
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -45,7 +45,8 @@ export async function getBuyQuote( @@
               address: tokenAddress as `0x${string}`,
               abi: WOW_ABI,
               functionName: "getEthBuyQuote",
-              args: [amountEthInWei],
+              // Ensure the argument is passed as a bigint to match on-chain units
+              args: [BigInt(amountEthInWei)],
             })
       ) as string | number;
@@ Expand Down Expand Up / @@ -74,7 +75,8 @@ export async function getSellQuote( @@
               address: tokenAddress as `0x${string}`,
               abi: WOW_ABI,
               functionName: "getTokenSellQuote",
-              args: [amountTokensInWei],
+              // Ensure the argument is passed as a bigint to match on-chain units
+              args: [BigInt(amountTokensInWei)],
             })
       ) as string | number;
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -60,5 +60,12 @@ export async function approve( @@
      * @returns The adjusted gas estimate as a bigint.
      */
     export function applyGasMultiplier(gas: bigint, multiplier: number): bigint {
-      return BigInt(Math.round(Number(gas) * multiplier));
+      if (!Number.isFinite(multiplier) || multiplier <= 0) return gas;
+      if (multiplier === 1) return gas;
+      // Perform bigint-safe scaling with fixed precision to avoid Number(gas) loss
+      const SCALE = 1000n; // three decimal places of precision
+      const scaledMultiplier = BigInt(Math.round(multiplier * Number(SCALE)));
+      // Round half-up by adding half the divisor before integer division
+      return (gas * scaledMultiplier + SCALE / 2n) / SCALE;
     }

-Original file line number
+Diff line change
@@ Expand Up / @@ -267,7 +267,9 @@ export async function handleNextSelection( @@
           .filter(Boolean)
           .join("\n"),
       ];
-      await fs.writeFile(envPath, envLines);
+      // Persist the environment file as a single string. Passing an array would
+      // coerce to a comma-joined string implicitly, corrupting the .env format.
+      await fs.writeFile(envPath, envLines.join("\n"));
       // Promose selected routes to
       const promoteRoute = async (toPromose: string, type: string, to: string) => {
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix three code bugs #5

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Fix three code bugs #5

Are you sure you want to change the base?

Uh oh!

Fix three code bugs #5

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!