fix(storage): save_block atomic — single MDBX write transaction

[satyakwok]

Summary

`ChainStorage::save_block` was doing three separate `mdbx.put` calls
(block JSON → hash index → height key) followed by a `sync()`. Each
put is internally atomic in MDBX, but the trio is not — a crash
between them leaves on-disk state partially consistent:

Crash window	On-disk state
After put #1, before put #2	Block JSON stored, hash → height index missing
After put #2, before put #3	Block + hash indexed, but `height` key still points at the previous tip

The first is recoverable: `ensure_hash_index` walks every block on next boot and rebuilds the index. The second leaves the block orphaned until the next `save_block` call advances `height` past it, and any consumer that derives "tip" from the `height` key (the live chain extent) sees the old tip on restart even though the block JSON for `tip + 1` is persisted. Patch B1 (v2.1.90) added an atomic-write contract for the bulk `save_blockchain` path for exactly this reason; `save_block` was left on the pre-Patch-B1 sequential-put path.

This PR routes the same three puts through one `begin_write` + `commit` so MDBX either writes all three or none. Same mechanism, same tables, same encoded values — only the transactional grouping changes.

What changes

`crates/sentrix-storage/src/chain.rs`:

• Replace the sequential `mdbx.put` × 2 + `save_height` sequence with `mdbx.begin_write()` → `batch.put` × 3 → `batch.commit()`.
• Keep the post-commit `sync()` (matches `save_blockchain` line 145).
• Add a doc comment naming the crash windows the fix closes.

Out of scope: the `save_height` standalone API is unchanged — other callers that need to update height without saving a block (initial chain bootstrap, test helpers) still work.

Test plan

• `cargo clippy --workspace --tests -- -D warnings` clean (matches CI Test workflow).
• `cargo test --release -p sentrix-storage` — 23/23 pass, including `test_save_and_load_block`, `test_load_block_by_hash`, `test_persistence`, `test_height` (all exercise the changed path).
• Diff vs `save_blockchain` (chain.rs:108-147) confirms identical pattern (`begin_write` → `batch.put` → `commit` → `sync`).
• Crash-window verification can't be expressed as a unit test — MDBX's transactional guarantee is the contract that closes it. Same as the original `save_blockchain` Patch B1 had no crash-injection test either.

How I found it

Audit pass against workspace crates one-by-one (operator request). `sentrix-storage` was the 9th crate reviewed. Earlier finds (faucet TOCTOU #760, wallet 0600 + zeroize + prom-exporter doc/warn #761) covered surface issues; this is the first transactional-correctness gap found in storage. Production callers verified in audit:

• `crates/sentrix-core/src/storage.rs:344` — chain-state save path
• `bin/sentrix/src/main.rs:3104` — validator-loop block-finalized save
• `bin/sentrix/src/main.rs:3458` — p2p block-arrival save

All three benefit identically.

Related

Operator constraint for this audit pass: "fix nya jangan buat tambah error, jangan typo, ada gap dan bug lagi". Self-review pre-push confirms: no new error types, no new gaps, clippy clean, 23/23 existing tests pass.

[coderabbitai]

Warning

Review limit reached

@satyakwok, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 41 minutes and 42 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 8f6821f4-cf50-47f5-aa4c-2dd52f62f48f

📥 Commits

Reviewing files that changed from the base of the PR and between f1cca47 and 88831ef.

📒 Files selected for processing (1)

• crates/sentrix-storage/src/chain.rs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/storage-save-block-atomic

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!