Skip to content

Use environment variable for BASE_URL in pricesV2UsdAdapter#489

Open
blurpesec wants to merge 1 commit intoconsensys-vertical-apps:mainfrom
blurpesec:patch-2
Open

Use environment variable for BASE_URL in pricesV2UsdAdapter#489
blurpesec wants to merge 1 commit intoconsensys-vertical-apps:mainfrom
blurpesec:patch-2

Conversation

@blurpesec
Copy link

@blurpesec blurpesec commented Feb 11, 2026
edited by cursor bot
Loading

Description

Pre-merge author checklist

  • A brief description of the protocol and adapters is added to the PR
  • Files outside the protocol folder are not being edited and, if they are, it's clearly explained why in the PR
  • update me comments are removed
  • Contracts used are verified for that chain block explorer
  • Test cases with a block number have been added to the testCases.ts file for every relevant method that has been implemented
    • positions
    • prices (unwrap)
  • getAddress from ethers
    • Is used to parse hardcoded addresses
    • Is used to parse addresses that come from contract calls when it is not clear they'll be in checksum format
    • It is NOT used to parse addresses from input methods
    • It is NOT used to parse addresses from metadata
  • For every adapter that extends SimplePoolAdapter
    • getPositions is not overwritten and, if it is, it's clearly explained why in the PR
    • unwrap is not overwritten and, if it is, it's clearly explained why in the PR
  • If the adapters requires to fetch static data on-chain (e.g. pool ids, token metadata, etc)
    • The adapter implements IMetadataBuilder
    • The buildMetadata method is implemented with the @CacheToFile decorator
    • All the static data is stored within the metadata JSON file

Note

Low Risk
Small, isolated configuration change; risk is limited to misconfiguration of the environment variable causing requests to target the wrong endpoint.

Overview
The PricesV2UsdAdapter now reads the spot-price API BASE_URL from process.env.PRICE_API, falling back to the existing https://price-api.metafi.codefi.network default when unset.

Written by Cursor Bugbot for commit 6bf0c8c. This will update automatically on new commits. Configure here.

cursor[bot]
cursor bot reviewed Feb 11, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

packages/adapters-library/src/adapters/prices-v2/products/usd/pricesV2UsdAdapter.ts

export const USD = 'USD'
const BASE_URL = 'https://price-api.metafi.codefi.network'
const BASE_URL = process.env.PRICE_API ?? 'https://price-api.metafi.codefi.network'
Copy link

@cursor cursor bot Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty env var bypasses fallback due to nullish coalescing

Medium Severity

Using ?? (nullish coalescing) instead of || means that if PRICE_API is set to an empty string (which some CI/Docker environments do), the fallback URL won't activate. An empty BASE_URL will then cause new URL(...) on line 112 to throw a TypeError: Invalid URL, and since that call sits outside the try/catch block, the error propagates unhandled from getSpotPriceByAddress.

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@blurpesec