Summary

The Sun.setSoilBelowPeg function expects that the instDeltaB value is always negative. But in case instDeltaB and twaDeltaB are relatively close to 0, these values can have different signs since TWAP value is always "slower" than instant value. So when instDeltaB is positive the twaDeltaB value will be set as minimal because of unsafe type casting. The debt will always increase in such cases despite the almost ideal DeltaB.

Vulnerability Details

The Sun.setSoilBelowPeg function does not check if the instDeltaB value is negative.

If the the instDeltaB value is positive, the value will be unsafety casted to uint256 and the twaDeltaB will be considered as minimal value.
Though the DeltaB is close to zero and debt should not be increased the additional Soil will be issued: "In general, Beanstalk does not need to be particularly aggressive when issuing Soil—it does not want to issue debt if it doesn't have to." (https://github.com/BeanstalkFarms/Beanstalk/pull/802#:~:text=In general%2C Beanstalk does not need to be particularly aggressive when issuing Soil—it does not want to issue debt if it doesn't have to.)

Impact

Unexpected behavior, incorrect Soil amount issuance.

Tools used

Manual Review

Recommendations

Consider checking if instDeltaB > 0 and assign 0 to the variable.