Overview
src/utils/config.rs saves configuration by serializing to TOML and writing directly to ~/.starforge/config.toml. If the process is interrupted mid-write (signal, power loss, disk full), the config file ends up truncated or corrupt, destroying all wallet data. On a mainnet wallet with real funds this is catastrophic.
Resolution
Implement atomic saves:

- Write to a temp file in the same directory (`config.toml.tmp`), then call `fs::rename`, which on POSIX is atomic within the same filesystem.
- Add a `config.toml.bak` backup: before writing, copy the current config to `.bak`. After the rename succeeds, optionally prune `.bak` or keep the last N backups.
- Add a `config::load_with_recovery()` that detects corrupt TOML (parse error), falls back to `.bak`, and warns the user.
- Add file locking via the `fs2` crate (`FileExt::lock_exclusive`) to prevent concurrent starforge instances from interleaving writes.
- Also set file permissions to `0o600` (`fs::Permissions`) immediately after creation on Linux/macOS — currently secret keys stored in plaintext are world-readable if the directory has a permissive umask.
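The temp-file-plus-rename, `.bak` rotation, `0o600` mode and backup fallback described above, as an added std-only illustration (not starforge's own code). It assumes the caller has already serialized the config to a TOML string and takes an `is_valid` callback as a stand-in for the real `toml` parse; the `fs2` exclusive lock is left out because it needs an external crate.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::path::{Path, PathBuf};

/// Replace `path` atomically: write `<path>.tmp` with mode 0o600, fsync it,
/// copy the current file to `<path>.bak`, then rename the temp file into place.
pub fn save_atomic(path: &Path, contents: &str) -> io::Result<()> {
    let tmp = with_suffix(path, "tmp");
    let bak = with_suffix(path, "bak");
    let _ = fs::remove_file(&tmp); // discard a stale temp left by an interrupted save
    let mut opts = OpenOptions::new();
    opts.write(true).create_new(true);
    #[cfg(unix)]
    {
        use std::os::unix::fs::OpenOptionsExt;
        opts.mode(0o600); // owner-only from the moment the file exists, regardless of umask
    }
    let mut f = opts.open(&tmp)?;
    f.write_all(contents.as_bytes())?;
    f.sync_all()?; // data must be durable before the rename makes it visible
    drop(f);
    if path.exists() {
        fs::copy(path, &bak)?; // last known-good copy (keeps the source's mode bits)
    }
    fs::rename(&tmp, path) // atomic on POSIX when tmp and path share a filesystem
}

/// Read `path`; if `is_valid` rejects it (stand-in for a TOML parse error), fall back
/// to `<path>.bak`. Returns the text and whether the backup was used.
pub fn load_with_recovery(path: &Path, is_valid: fn(&str) -> bool) -> io::Result<(String, bool)> {
    if let Ok(text) = fs::read_to_string(path) {
        if is_valid(&text) {
            return Ok((text, false));
        }
    }
    let bak = with_suffix(path, "bak");
    let text = fs::read_to_string(&bak)?;
    if !is_valid(&text) {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "config and backup both corrupt"));
    }
    eprintln!("warning: {} unreadable, recovered from {}", path.display(), bak.display());
    Ok((text, true))
}

/// `config.toml` -> `config.toml.tmp` / `config.toml.bak` (same directory, same filesystem).
fn with_suffix(path: &Path, ext: &str) -> PathBuf {
    let mut s = path.as_os_str().to_owned();
    s.push(format!(".{ext}"));
    PathBuf::from(s)
}
```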