wallet: Sanity check fee paid cannot be negative

We need to check that the fee is not negative even before it is finalized. The setting of fees for SFFO may adjust the fee to be "correct" and no longer negative, but erroneously reduce the amounts too far. So we need to check this condition before we do those adjustments.
author: Andrew Chow <github@achow101.com> 2022-12-05 15:53:18 -0500
committer: Andrew Chow <github@achow101.com> 2022-12-09 14:52:43 -0500
commit: 798430d127521d088c081ee625912a704f415990 (patch)
tree: c004d1e0af1ac24c3f9d69bd4e43a545d858cb55 /src
parent: c1a84f108e320bd44c172a4dd3bb486ab777ff69 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/wallet/spend.cpp b/src/wallet/spend.cpp
index a1a98381e5..dd3f0e99d1 100644
--- a/src/wallet/spend.cpp
+++ b/src/wallet/spend.cpp
@@ -964,6 +964,11 @@ static util::Result<CreatedTransactionResult> CreateTransactionInternal(
     Assume(recipients_sum + change_amount == output_value);
     CAmount current_fee = result->GetSelectedValue() - output_value;
 
+    // Sanity check that the fee cannot be negative as that means we have more output value than input value
+    if (current_fee < 0) {
+        return util::Error{Untranslated(STR_INTERNAL_BUG("Fee paid < 0"))};
+    }
+
     // If there is a change output and we overpay the fees then increase the change to match the fee needed
     if (nChangePosInOut != -1 && fee_needed < current_fee) {
         auto& change = txNew.vout.at(nChangePosInOut);
author	Andrew Chow <github@achow101.com>	2022-12-05 15:53:18 -0500
committer	Andrew Chow <github@achow101.com>	2022-12-09 14:52:43 -0500
commit	798430d127521d088c081ee625912a704f415990 (patch)
tree	c004d1e0af1ac24c3f9d69bd4e43a545d858cb55 /src
parent	c1a84f108e320bd44c172a4dd3bb486ab777ff69 (diff)