Logic Inconsistency in get_farmed_amount leading to Integer Underflow (18.4 Quintillion mojos)

[faster-tafi]

What happened?

There is a logic flaw in the reward calculation within the Wallet RPC API. The code performs subtraction on unsigned integers without prior validation, which can result in an integer underflow. This causes the RPC to report an astronomical farmed amount (~18.4 Quintillion mojos) if the record amount is less than the base farmer reward.

What happened?
Steps to reproduce:

Locate chia/wallet/wallet_rpc_api.py around line 2979.

The code calculates fees using: fee_amount += record.amount - base_farmer_reward.

In scenarios where a FEE_REWARD record exists with an amount < base_farmer_reward (e.g., local DB corruption, legacy sync data, or chain reorg artifacts), the subtraction results in a negative value.

Since the result is later cast to uint64, it triggers an underflow.

Expected Result:
The calculation should include a safety check or be clamped to zero to prevent underflow and ensure data integrity.

Actual Result:
The RPC returns 18,446,744,073,709,551,615 mojos, leading to critical misreporting in the UI and 3rd-party accounting tools.

Version

Latest Stable (Confirmed by source code audit of current main branch)

What platform are you using?

Windows

What ui mode are you using?

CLI

Relevant log output

# Location: chia/wallet/wallet_rpc_api.py

# Current vulnerable code:
fee_amount += record.amount - base_farmer_reward

# Proposed fix:
fee_amount += max(0, record.amount - base_farmer_reward)

[KoxyG]

Hi, I would love to be assigned to this issue. I would fix the calculation and make it include a safety check or be clamped to zero to prevent underflow and ensure data integrity, thereby following best practices.

[emlowe]

One cannot have a FEE_RECORD tx amount less than base_farmer_reward - as this is the definition of a farmer reward.

see for example, is_farmer_reward. Your explanation of "e.g., local DB corruption, legacy sync data, or chain reorg artifacts" makes no sense.

neither legacy sync data - whatever that is, or chain reorg artifacts will change this. DB corruption is certainly fatal to everything in the wallet

[BrandtH22]

Hey @KoxyG we welcome any and all community PRs, feel free to work on this resolution.

In the meantime we are moving this to the discussions section and tagging as an enhancement so it can be tracked in the proper workload