code-423n4 / 2023-10-badger-findings


In the event of slashing, some users cannot save their position/add collateral #306

Closed c4-submissions closed 9 months ago

c4-submissions commented 9 months ago

Lines of code

https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/BorrowerOperations.sol#L408

Vulnerability details

Impact

Users below 2 stETH are unable to save their position or add collateral.

Proof of Concept

  1. Slashing occurs, causing users who previously had collateral.getPooledEthByShares(1e18) > 1e18 to fall below it by a significant margin.
  2. User attempts to save his position in danger, but has to add significantly more than his original position size in order to improve his CR, thus hurting not only the user but the entire system.

Tools Used

Manual Review

Recommended Mitigation Steps

Add a condition where _requireAtLeastMinNetStEthBalance(collateral.getPooledEthByShares(vars.newCollShares)) is not checked only when collateral.getPooledEthByShares(1e18) <= 1e18 and the _adjustCdpInternal has a positive _stEthBalanceIncrease (user is trying to add collateral). Bring back a modified condition of the original code: https://github.com/ebtc-protocol/ebtc/blob/bd73ac8c0bf7388b9eacc203e6f43b7de38fe42e/packages/contracts/contracts/BorrowerOperations.sol#L326

Assessed type

Other

bytes032 commented 9 months ago

https://badger.com/images/uploads/ebtc-security-review-cantina.pdf

3.1.3

c4-pre-sort commented 9 months ago

bytes032 marked the issue as insufficient quality report

GalloDaSballo commented 9 months ago

Disputing, in the event of slashing they can deposit 2 ETH to get 2 stETH or more, so the idea that they cannot is simply incorrect.

Allowing smaller sizes of Cdp Size is a potential existential threat to the protocol (see Raft).

Disagree

c4-sponsor commented 9 months ago

GalloDaSballo (sponsor) disputed

c4-judge commented 9 months ago

jhsagd76 marked the issue as unsatisfactory: Out of scope
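
The check discussed in this thread, modelled as an added example (not code from the eBTC repository or from any commenter): a Lido-style share conversion with floor division and a 2 stETH floor applied to the balance after a collateral increase. The class and function names, the pool sizes and the 5% slashing figure are constructed assumptions.

```python
# Added illustration: a simplified integer model, not the eBTC contracts.
WAD = 10**18
MIN_NET_STETH_BALANCE = 2 * WAD  # the 2 stETH floor named in the report


class Collateral:
    """Lido-style share accounting with Solidity-like floor division."""

    def __init__(self, total_pooled_eth, total_shares):
        self.total_pooled_eth = total_pooled_eth
        self.total_shares = total_shares

    def get_pooled_eth_by_shares(self, shares):
        return shares * self.total_pooled_eth // self.total_shares

    def get_shares_by_pooled_eth(self, eth):
        return eth * self.total_shares // self.total_pooled_eth

    def slash(self, bps):
        # Constructed event: pooled ETH drops, share count is unchanged.
        self.total_pooled_eth -= self.total_pooled_eth * bps // 10_000


def add_collateral(coll, cdp_shares, steth_increase):
    """Return the new share balance, or raise if it is worth less than the floor."""
    new_shares = cdp_shares + coll.get_shares_by_pooled_eth(steth_increase)
    if coll.get_pooled_eth_by_shares(new_shares) < MIN_NET_STETH_BALANCE:
        raise ValueError("below minimum net stETH balance")
    return new_shares


def min_top_up(coll, cdp_shares):
    """Smallest stETH deposit for which add_collateral succeeds."""
    balance = coll.get_pooled_eth_by_shares(cdp_shares)
    amount = max(MIN_NET_STETH_BALANCE - balance, 0)
    while True:  # rounding in the two conversions can cost a few wei
        try:
            add_collateral(coll, cdp_shares, amount)
            return amount
        except ValueError:
            amount += 1
```

In this model a position opened at exactly 2 stETH is worth 1.9 stETH after the slash, a 0.05 stETH top-up is rejected, and the smallest accepted top-up is the shortfall to the floor plus one wei of rounding.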