fix(perps): prevent rate limit exhaustion during rapid market switching cp-7.72.0

[abretonc7s]

Description

Fixes HyperLiquid rate limit exhaustion (1200 weight/min) during rapid market switching. Three root causes:

1. Leaked WebSocket subscriptions — activeAssetCtx, bbo, assetCtxs, and dexAllMids subscription promises that resolved after cleanup created orphan subscriptions. Fixed with race guards in .then() handlers that check if a newer subscription already exists.
2. Uncancelled REST calls — candleSnapshot REST calls (~22 weight each) continued in-flight after navigation. Fixed with AbortController in subscribeToCandles.
3. Excessive candle fetch size — Every market visit fetched 500 candles (YearToDate). Reduced to OneWeek for cold cache (~168 candles) and OneDay for revisits (~24 candles). Full history loads on chart scroll via lazy-load.
4. No candle connection debounce — Candle WS subscriptions fired immediately on mount. Added 500ms debounce (PERFORMANCE_CONFIG.CandleConnectDebounceMs) so rapid switches cancel the timer before the subscription fires.

Changelog

CHANGELOG entry: Fixed rate limit errors when quickly switching between markets in the Perps trading view

Related issues

Fixes: #28141

Manual testing steps

Feature: Perps market switching rate limits

  Scenario: User browses multiple markets without rate limit errors
    Given the user is on the Perps Markets list

    When user taps BTC, waits briefly, goes back, taps ETH, waits, goes back,
         and repeats for SOL and HYPE
    Then no "429 Too Many Requests" errors appear in logs
    And chart data loads for each market visited

  Scenario: User rapidly switches markets
    Given the user is on the Perps Markets list

    When user quickly taps through 4+ markets spending <1s on each
    Then candle subscriptions are debounced (no chart flicker)
    And stale subscriptions are cleaned up (no leak accumulation)

Screenshots/Recordings

Before

429 errors after 3-4 market switches, chart subscription failures, leaked WebSocket subscriptions accumulating.

After

8 market switches with zero 429 errors (recipe: 28/28 pass). Stale subscriptions cleaned up automatically.

Validation Recipe (8 rapid market switches)

{
  "title": "Validate rate limit fix - rapid market switching (#28141)",
  "initial_conditions": { "testnet": false },
  "validate": {
    "runtime": {
      "steps": [
        { "id": "nav_perps", "action": "navigate", "target": "PerpsTrendingView" },
        { "id": "wait_list", "action": "wait_for", "test_id": "perps-market-row-item-BTC", "timeout": 10000 },
        { "id": "open_btc", "action": "press", "test_id": "perps-market-row-item-BTC" },
        { "id": "wait_btc", "action": "wait", "ms": 400 },
        { "id": "back_1", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "open_eth", "action": "press", "test_id": "perps-market-row-item-ETH" },
        { "id": "wait_eth", "action": "wait", "ms": 400 },
        { "id": "back_2", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "open_sol", "action": "press", "test_id": "perps-market-row-item-SOL" },
        { "id": "wait_sol", "action": "wait", "ms": 400 },
        { "id": "back_3", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "open_hype", "action": "press", "test_id": "perps-market-row-item-HYPE" },
        { "id": "wait_hype", "action": "wait", "ms": 400 },
        { "id": "back_4", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "open_btc2", "action": "press", "test_id": "perps-market-row-item-BTC" },
        { "id": "wait_btc2", "action": "wait", "ms": 400 },
        { "id": "back_5", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "open_eth2", "action": "press", "test_id": "perps-market-row-item-ETH" },
        { "id": "wait_eth2", "action": "wait", "ms": 400 },
        { "id": "back_6", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "open_sol2", "action": "press", "test_id": "perps-market-row-item-SOL" },
        { "id": "wait_sol2", "action": "wait", "ms": 400 },
        { "id": "back_7", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "open_hype2", "action": "press", "test_id": "perps-market-row-item-HYPE" },
        { "id": "wait_hype2", "action": "wait", "ms": 400 },
        { "id": "back_8", "action": "press", "test_id": "perps-market-header-back-button" },
        { "id": "settle", "action": "wait", "ms": 5000 },
        { "id": "check_fix", "action": "log_watch", "window_seconds": 30,
          "watch_for": ["DEBUG-28141"],
          "must_not_appear": ["429 Too Many Requests", "rate limit", "Rate limit"] }
      ]
    }
  }
}

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Touches Perps streaming/subscription lifecycle (debouncing, retry, and cleanup) and changes initial candle fetch sizing; mistakes could cause missing/late market data or lingering subscriptions, though changes are localized and well-tested.

Overview
Reduces HyperLiquid rate-limit pressure during rapid Perps market switching by debouncing candle WebSocket connects, shrinking initial candle fetch durations, and cancelling in-flight candle snapshot requests on cleanup.

Adds race guards in HyperLiquidSubscriptionService to prevent pending subscription promises (e.g., activeAssetCtx, bbo, assetCtxs, dexAllMids) from becoming orphaned when cleanup happens before they resolve, and updates/expands unit tests to cover deferred connect retries, timer cancellation, abort handling, and stale-subscription cleanup.

^{Written by Cursor Bugbot for commit 40fa684. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 52.72727% with 26 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.64%. Comparing base (35dbfe1) to head (2bf790c).
⚠️ Report is 28 commits behind head on main.

Files with missing lines	Patch %	Lines
...s/perps/services/HyperLiquidSubscriptionService.ts	48.64%	9 Missing and 10 partials ⚠️
...UI/Perps/providers/channels/CandleStreamChannel.ts	58.33%	2 Missing and 3 partials ⚠️
...rollers/perps/services/HyperLiquidClientService.ts	66.66%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #28176      +/-   ##
==========================================
+ Coverage   82.55%   82.64%   +0.08%     
==========================================
  Files        4864     4866       +2     
  Lines      125683   126034     +351     
  Branches    28150    28254     +104     
==========================================
+ Hits       103761   104163     +402     
+ Misses      14747    14662      -85     
- Partials     7175     7209      +34     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[abretonc7s]

Automated Review — PR #28176

BETA — Automated review from the farmslot pipeline.

Recommendation	APPROVE
Runner	unknown / unknown
Tier	standard
Cost	N/A (N/A tokens)
Recipe	N/A

Summary

This PR addresses HyperLiquid rate limit exhaustion (1200 weight/min) during rapid market switching through four targeted fixes: debounced candle WebSocket connections, lighter initial candle fetches (OneWeek/OneDay vs YearToDate), abortable REST calls via AbortController, and race guards on async subscription promises. The fix is well-structured, addresses the root causes, and achieves its stated goal.

Full review details

Prior Reviews

No prior CHANGES_REQUESTED reviews. Only COMMENTED reviews from cursor (bot summary) and abretonc7s.

Acceptance Criteria Validation

#	Criterion	Status	Evidence
1	No 429 errors after 4+ market switches	PASS	CDP validation: BTC→ETH→SOL→HYPE rapid switching, zero 429 errors in Metro log
2	Chart data loads for each market visited	PASS	CDP: successfully navigated to HYPE market, candle subscriptions established
3	Candle subscriptions debounced during rapid switching	PASS	Code review: 500ms debounce via PERFORMANCE_CONFIG.CandleConnectDebounceMs, tests verify
4	Stale subscriptions cleaned up	PASS	Code review: race guards in .then() handlers, pending promise tracking, abort on cleanup

Code Quality

• Pattern adherence: Follows codebase conventions. New constant in PERFORMANCE_CONFIG. Uses existing ensureError pattern.
• Complexity: Appropriate — each fix targets a specific root cause without over-engineering.
• Type safety: Two minor as Promise<void> casts in HyperLiquidSubscriptionService.ts:2667,3148 (promise chain returns void | undefined). Pragmatic and low-risk.
• Error handling: AbortError suppression is correct — abort is intentional, not an error.
• Anti-pattern findings:
  • Hardcoded 200 at CandleStreamChannel.ts:279 duplicates PERFORMANCE_CONFIG.NavigationParamsDelayMs. Minor inconsistency.
  • No magic strings, no console.log, no eslint-disable comments.

Fix Quality

• Best approach: Yes, this is the correct fix. The four-pronged approach (debounce, lighter fetch, abort, race guards) addresses all identified root causes. A single fix (e.g., only debounce) would not fully solve the problem.
• Would not ship: Nothing blocking. All changes are shippable.
• Test quality: Good. Tests verify debounce timing via flushConnectDebounce(), cold/warm cache duration selection, abort error suppression. The abort test specifically verifies that onError is NOT called when abort fires — this is the right assertion.
• Brittleness: Low. The debounce constant is externalized. The race guard pattern (check subscriber count + existing subscription in .then()) is robust against re-ordering. The as Promise<void> casts are cosmetic.

Live Validation

• Recipe: skipped (tier: standard)
• Result: PASS — CDP validation with 4 rapid market switches, zero errors
• Video: failed (SimulatorError — simulator recording unavailable)
• Native changes: none
• Metro errors: none related to PR changes (only pre-existing keychain warnings)
• Log monitoring: 30s monitored, zero 429/rate-limit errors, clean candle subscription establishment

Correctness

• Diff vs stated goal: Aligned — all four root causes addressed
• Edge cases:
  • Covered: rapid away-and-back (pending promise replaced), cleanup during pending subscription, abort during in-flight REST
  • Covered: cache hit vs cold cache for duration selection
  • Covered: reconnection path clears pending promise maps
• Race conditions: Addressed — the entire PR is about fixing race conditions in async subscription lifecycle
• Backward compatibility: Preserved — no API changes, internal behavior only

Static Analysis

• lint:tsc: PASS — 0 errors
• Tests: 115/115 pass (CandleStreamChannel.test.ts + HyperLiquidClientService.test.ts)

Architecture & Domain

• HyperLiquidSubscriptionService.ts is at 3,731 lines (exceeds 2,500 hard limit). This PR adds ~50 lines but the file was already over-limit. Recommend planning a split in a follow-up.
• The debounce + abort + race guard pattern could serve as a reference for other subscription channels if similar issues arise.
• No controller portability issues — all changes are within the HyperLiquid provider layer.

Risk Assessment

• [MEDIUM] — Changes core subscription lifecycle logic. However, the race guards are defensive (fail-safe: unsubscribe stale) and the debounce is a well-understood pattern. Tests cover the critical paths.

Recommended Action

[APPROVE]

• Two minor nitpicks (hardcoded 200, as Promise<void> casts) — neither blocks merge.
• File size of HyperLiquidSubscriptionService.ts should be tracked for future split.

Line comments (3 comments: 1 suggestion, 2 nitpick)

• [nitpick] app/components/UI/Perps/providers/channels/CandleStreamChannel.ts:279: Hardcoded 200 duplicates PERFORMANCE_CONFIG.NavigationParamsDelayMs. Consider using the named constant to keep them in sync if the intent is the same delay.
• [nitpick] app/controllers/perps/services/HyperLiquidSubscriptionService.ts:2667: The as Promise<void> cast is needed because .then() returns void | undefined. Consider adding an explicit return undefined as void; at the end of the .then() chain to avoid the cast, or type the map as Map<string, Promise<void | undefined>>.
• [suggestion] app/controllers/perps/services/HyperLiquidSubscriptionService.ts:3731: This file is at 3,731 lines — well above the 2,500 line guideline. While this PR only adds ~50 lines, consider planning a split (e.g., extracting market data subscriptions, order book subscriptions, and fills into separate service classes).

---

No video evidence recorded.

[abretonc7s]

Automated Review — PR #28176

BETA — Automated review from the farmslot pipeline.

Recommendation	APPROVE
Runner	unknown / unknown
Tier	standard
Cost	N/A (N/A tokens)
Recipe	N/A

Summary

This PR addresses HyperLiquid rate limit exhaustion (1200 weight/min) during rapid market switching through four targeted fixes: debounced candle WebSocket connections, lighter initial candle fetches (OneWeek/OneDay vs YearToDate), abortable REST calls via AbortController, and race guards on async subscription promises. The fix is well-structured, addresses the root causes, and achieves its stated goal.

Full review details

Prior Reviews

No prior CHANGES_REQUESTED reviews. Only COMMENTED reviews from cursor (bot summary) and abretonc7s.

Acceptance Criteria Validation

#	Criterion	Status	Evidence
1	No 429 errors after 4+ market switches	PASS	CDP validation: BTC→ETH→SOL→HYPE rapid switching, zero 429 errors in Metro log
2	Chart data loads for each market visited	PASS	CDP: successfully navigated to HYPE market, candle subscriptions established
3	Candle subscriptions debounced during rapid switching	PASS	Code review: 500ms debounce via PERFORMANCE_CONFIG.CandleConnectDebounceMs, tests verify
4	Stale subscriptions cleaned up	PASS	Code review: race guards in .then() handlers, pending promise tracking, abort on cleanup

Code Quality

• Pattern adherence: Follows codebase conventions. New constant in PERFORMANCE_CONFIG. Uses existing ensureError pattern.
• Complexity: Appropriate — each fix targets a specific root cause without over-engineering.
• Type safety: Two minor as Promise<void> casts in HyperLiquidSubscriptionService.ts:2667,3148 (promise chain returns void | undefined). Pragmatic and low-risk.
• Error handling: AbortError suppression is correct — abort is intentional, not an error.
• Anti-pattern findings:
  • Hardcoded 200 at CandleStreamChannel.ts:279 duplicates PERFORMANCE_CONFIG.NavigationParamsDelayMs. Minor inconsistency.
  • No magic strings, no console.log, no eslint-disable comments.

Fix Quality

• Best approach: Yes, this is the correct fix. The four-pronged approach (debounce, lighter fetch, abort, race guards) addresses all identified root causes. A single fix (e.g., only debounce) would not fully solve the problem.
• Would not ship: Nothing blocking. All changes are shippable.
• Test quality: Good. Tests verify debounce timing via flushConnectDebounce(), cold/warm cache duration selection, abort error suppression. The abort test specifically verifies that onError is NOT called when abort fires — this is the right assertion.
• Brittleness: Low. The debounce constant is externalized. The race guard pattern (check subscriber count + existing subscription in .then()) is robust against re-ordering. The as Promise<void> casts are cosmetic.

Live Validation

• Recipe: skipped (tier: standard)
• Result: PASS — CDP validation with 4 rapid market switches, zero errors
• Video: failed (SimulatorError — simulator recording unavailable)
• Native changes: none
• Metro errors: none related to PR changes (only pre-existing keychain warnings)
• Log monitoring: 30s monitored, zero 429/rate-limit errors, clean candle subscription establishment

Correctness

• Diff vs stated goal: Aligned — all four root causes addressed
• Edge cases:
  • Covered: rapid away-and-back (pending promise replaced), cleanup during pending subscription, abort during in-flight REST
  • Covered: cache hit vs cold cache for duration selection
  • Covered: reconnection path clears pending promise maps
• Race conditions: Addressed — the entire PR is about fixing race conditions in async subscription lifecycle
• Backward compatibility: Preserved — no API changes, internal behavior only

Static Analysis

• lint:tsc: PASS — 0 errors
• Tests: 115/115 pass (CandleStreamChannel.test.ts + HyperLiquidClientService.test.ts)

Architecture & Domain

• HyperLiquidSubscriptionService.ts is at 3,731 lines (exceeds 2,500 hard limit). This PR adds ~50 lines but the file was already over-limit. Recommend planning a split in a follow-up.
• The debounce + abort + race guard pattern could serve as a reference for other subscription channels if similar issues arise.
• No controller portability issues — all changes are within the HyperLiquid provider layer.

Risk Assessment

• [MEDIUM] — Changes core subscription lifecycle logic. However, the race guards are defensive (fail-safe: unsubscribe stale) and the debounce is a well-understood pattern. Tests cover the critical paths.

Recommended Action

[APPROVE]

• Two minor nitpicks (hardcoded 200, as Promise<void> casts) — neither blocks merge.
• File size of HyperLiquidSubscriptionService.ts should be tracked for future split.

Line comments (3 comments: 1 suggestion, 2 nitpick)

• [nitpick] app/components/UI/Perps/providers/channels/CandleStreamChannel.ts:279: Hardcoded 200 duplicates PERFORMANCE_CONFIG.NavigationParamsDelayMs. Consider using the named constant to keep them in sync if the intent is the same delay.
• [nitpick] app/controllers/perps/services/HyperLiquidSubscriptionService.ts:2667: The as Promise<void> cast is needed because .then() returns void | undefined. Consider adding an explicit return undefined as void; at the end of the .then() chain to avoid the cast, or type the map as Map<string, Promise<void | undefined>>.
• [suggestion] app/controllers/perps/services/HyperLiquidSubscriptionService.ts:3731: This file is at 3,731 lines — well above the 2,500 line guideline. While this PR only adds ~50 lines, consider planning a split (e.g., extracting market data subscriptions, order book subscriptions, and fills into separate service classes).

---

No video evidence recorded.

[abretonc7s]

@abretonc7s will it not have a negative impact on the perceived performance?

Nope, nothing visible really.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokePerps, SmokeWalletPlatform, SmokeConfirmations
• Selected Performance tags: @PerformancePreps
• Risk Level: medium
• AI Confidence: 92%

click to see 🤖 AI reasoning details

E2E Test Selection:
All 7 changed files are exclusively within the Perps feature domain. The changes fix race conditions and rate limit exhaustion during rapid market switching (#28141):

1. HyperLiquidClientService.ts: Adds AbortSignal/AbortController to cancel in-flight candleSnapshot REST calls on cleanup, preventing rate limit exhaustion.
2. HyperLiquidSubscriptionService.ts: Adds pending promise tracking maps for activeAsset and BBO subscriptions to prevent subscription leaks when cleanup fires before async subscriptions resolve. Also fixes race conditions in allMids and assetCtxs subscriptions.
3. CandleStreamChannel.ts: Refactors connect() to always defer via 500ms debounce (new CandleConnectDebounceMs constant), splits into connect() (schedules) and connectNow() (executes). Changes initial fetch duration from YearToDate to OneWeek (or OneDay on cache hit) to conserve rate limit budget. Adds clearCache() override to cancel deferred timers.
4. perpsConfig.ts: Adds CandleConnectDebounceMs: 500 constant.
5. Test files: Updated to account for new debounce behavior.

SmokePerps is the primary tag as these changes directly affect perps trading functionality (candle chart data, market data subscriptions, order book subscriptions). Per SmokePerps tag description, SmokeWalletPlatform (Trending section) and SmokeConfirmations (Add Funds on-chain transactions) must also be selected. No other feature areas are impacted - no shared components, navigation, Engine, or other controllers were modified.

Performance Test Selection:
The changes include a significant optimization to candle data fetching: initial fetch duration changed from YearToDate (up to 500 candles) to OneWeek (lighter fetch) or OneDay (on cache hit). This directly impacts perps market loading performance. The 500ms debounce on connect() also affects subscription timing. @PerformancePreps covers perps market loading, position management, add funds flow, and order execution - all of which are affected by these subscription and data fetching changes.

View GitHub Actions results

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
17 value mismatches detected (expected — fixture represents an existing user).
View details

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
88.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud