If btcwallet is hit with many RPC requests to create a transaction (such as sendfrom/sendmany/sendtoaddress) at the same time, the requests will be handled concurrently. Even though there is no data race (as access to transaction store is protected by a mutex), this is a logical race as each request handler will end up choosing some of the same inputs for both transactions, resulting in double spends.

To fix this, a new goroutine which is solely responsible for transaction creation, or even just input selection (if "returning" previously chosen inputs is allowed), should be run, and all sendfrom/many/toaddress requests must communicate with this goroutine to create and sign the transaction.

This did not use to be an issue as all client RPC requests were previously handled serialized.