From 798430d127521d088c081ee625912a704f415990 Mon Sep 17 00:00:00 2001
From: Andrew Chow <github@achow101.com>
Date: Mon, 5 Dec 2022 15:53:18 -0500
Subject: [PATCH] wallet: Sanity check fee paid cannot be negative

We need to check that the fee is not negative even before it is
finalized. The setting of fees for SFFO may adjust the fee to be
"correct" and no longer negative, but erroneously reduce the amounts too
far. So we need to check this condition before we do those adjustments.
---
 src/wallet/spend.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/wallet/spend.cpp b/src/wallet/spend.cpp
index a1a98381e5a..dd3f0e99d1a 100644
--- a/src/wallet/spend.cpp
+++ b/src/wallet/spend.cpp
@@ -964,6 +964,11 @@ static util::Result<CreatedTransactionResult> CreateTransactionInternal(
     Assume(recipients_sum + change_amount == output_value);
     CAmount current_fee = result->GetSelectedValue() - output_value;
 
+    // Sanity check that the fee cannot be negative as that means we have more output value than input value
+    if (current_fee < 0) {
+        return util::Error{Untranslated(STR_INTERNAL_BUG("Fee paid < 0"))};
+    }
+
     // If there is a change output and we overpay the fees then increase the change to match the fee needed
     if (nChangePosInOut != -1 && fee_needed < current_fee) {
         auto& change = txNew.vout.at(nChangePosInOut);