Beanstalk issues debt even if it doesn't have to
Summary
The Sun.setSoilBelowPeg function expects that the instDeltaB value is always negative. But in case instDeltaB and twaDeltaB are relatively close to 0, these values can have different signs since TWAP value is always "slower" than instant value. So when instDeltaB is positive the twaDeltaB value will be set as minimal because of unsafe type casting. The debt will always increase in such cases despite the almost ideal DeltaB.
Vulnerability Details
The Sun.setSoilBelowPeg function does not check if the instDeltaB value is negative.
If the the instDeltaB value is positive, the value will be unsafety casted to uint256 and the twaDeltaB will be considered as minimal value.
Though the DeltaB is close to zero and debt should not be increased the additional Soil will be issued: "In general, Beanstalk does not need to be particularly aggressive when issuing Soil—it does not want to issue debt if it doesn't have to." (https://github.com/BeanstalkFarms/Beanstalk/pull/802#:~:text=In%20general%2C%20Beanstalk%20does%20not%20need%20to%20be%20particularly%20aggressive%20when%20issuing%20Soil%E2%80%94it%20does%20not%20want%20to%20issue%20debt%20if%20it%20doesn%27t%20have%20to.)
Impact
Unexpected behavior, incorrect Soil amount issuance.
Tools used
Manual Review
Recommendations
Consider checking if instDeltaB > 0 and assign 0 to the variable.
Lead Judging Commences
Unintended soil issuance below peg
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.