Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| minAmount: asNumber, | ||
| maxAmount: asNumber, | ||
| withdrawMin: asOptional(asNumber, 0), | ||
| withdrawMax: asOptional(asNumber, 0), |
There was a problem hiding this comment.
Zero default for withdrawMax breaks 'to' quotes
Medium Severity
The withdrawMax field defaults to 0 when not provided by the API via asOptional(asNumber, 0). When performing a 'to' quote, the code checks if request.nativeAmount is greater than nativeMax (derived from withdrawMax). If withdrawMax is 0, any positive withdrawal amount will trigger a SwapAboveLimitError with a max of '0', effectively breaking all 'to' quotes for trading pairs where Exolix doesn't return this field.
Additional Locations (1)
| refundAddress: fromAddress, | ||
| refundExtraId: '', | ||
| withdrawalExtraId: '', | ||
| ...amount |
There was a problem hiding this comment.
Undefined values sent as strings in API request
High Severity
When constructing quoteParams for the GET request to /rate, optional fields like coinAddressFrom, coinAddressTo, networkFromChainId, and networkToChainId can be undefined. When this object is passed to new URLSearchParams(params), JavaScript converts undefined values to the literal string "undefined". This results in the API receiving malformed query parameters like coinAddressFrom=undefined instead of omitting the parameter, which will likely cause API errors or incorrect behavior when swapping native coins (non-token assets) or non-EVM chains.
1 participant
CHANGELOG
Does this branch warrant an entry to the CHANGELOG?
Dependencies
noneDescription
noneNote
Medium Risk
Changes request/response shapes and limit validation for a live swap provider, so mismatches with Exolix API expectations could break quoting or cause incorrect limit errors, especially for EVM/token swaps.
Overview
Updates the Exolix swap integration to use Exolix’s newer network/address-based API parameters: requests now send
networkFrom/networkTo(including anevmGenericpath withevmChainId) plus optional tokencoinAddressFrom/coinAddressTo, and the/rateresponse now requires arateIdthat is passed through to/transactions.Replaces the previous currency-code transcription path and the hardcoded $70k USD cap with min/max enforcement directly from Exolix (
minAmount/maxAmountandwithdrawMin/withdrawMax), throwingSwapBelowLimitError/SwapAboveLimitErroraccordingly.Written by Cursor Bugbot for commit f4ddc64. This will update automatically on new commits. Configure here.