fix(consensus): prevent precommit timeout during commit blocking ops (TM-B3)

michaelgpt · michaelgpt · commit 5f23d31f71a8 · 2026-03-13T14:08:56.000-04:00
Move set_step(Commit) before blocking engine execution and storage commit
operations in commit_block(). This prevents precommit timeouts from being
processed while state is still at Precommit step, which caused state
regression to round+1 and corrupted consensus.

Bug scenario:
1. WAL writes Commit entry, state still at Precommit
2. Engine execution starts (blocking ~2+ seconds)
3. Precommit timeout arrives, passes guards since step=Precommit
4. Timeout handler advances to next round, corrupting consensus

Fix: Set step to Commit immediately after building commit signatures,
before any blocking operations begin. The timeout handler will then
correctly ignore precommit timeouts since current step is already Commit.
diff --git a/app/src/actors_v2/chain/tendermint_handlers.rs b/app/src/actors_v2/chain/tendermint_handlers.rs
@@ -2872,6 +2872,21 @@ impl ChainActor {
             }
         };
 
+        // CRITICAL FIX (TM-B3): Set step to Commit BEFORE blocking operations.
+        // This prevents precommit timeouts from triggering during engine execution
+        // or storage commit. The timeout handler checks current_step and will ignore
+        // precommit timeouts when step is already Commit.
+        //
+        // Bug scenario without this fix:
+        // 1. WAL writes Commit entry
+        // 2. Engine execution starts (BLOCKING - 2+ seconds)
+        // 3. Precommit timeout arrives, state is still Precommit
+        // 4. Timeout handler advances to round+1, corrupting consensus
+        {
+            let mut state = tendermint_state.write().await;
+            state.set_step(TendermintStep::Commit);
+        }
+
         // 3. Write commit WAL entry BEFORE any state changes
         // Also write NewRound entry for H+1 to ensure clean recovery
         {
@@ -2968,11 +2983,8 @@ impl ChainActor {
             *guard = commit.clone();
         }
 
-        // 8. Advance state to Commit step
-        {
-            let mut state = tendermint_state.write().await;
-            state.set_step(TendermintStep::Commit);
-        }
+        // 8. [REMOVED - TM-B3]: set_step(Commit) now happens earlier (before blocking ops)
+        // to prevent precommit timeouts from corrupting state during engine execution.
 
         // 9. Notify network peers of committed block
         if let Some(ref network) = self.network_actor {
