code-423n4 / 2024-08-superposition-validation


Price incorrectly being considered to be in range and will output non-zero value for token 0 and token 1 #256

Closed c4-bot-7 closed 1 month ago

c4-bot-7 commented 1 month ago

Lines of code

https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/pool.rs#L224

Vulnerability details

Impact

When price is within a range, liquidity is assumed to be active and thus both token 0 and token 1 amounts should be non-zero, and when out of range token 0 or token 1 is returned and not both, but based on the conditions checked for when liquidity is to be changed, both token 0 and token 1 will be returned as non-zero when current tick is equal to lower (it is assumed to be in range based on an erroneous condition).

Proof of Concept

Price can either be at or below the lower or upper tick range, but based on this check (https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/pool.rs#L193), if current tick == lower, the first condition () will be skipped and current tick < upper will return true since tick is still less than upper but equal to lower. This should not be so, as current tick is at the boundary and not within range (it is below or equal to lower range). In the other case when current tick is above or equal to upper tick, the logic is correct because if current tick is equal to upper, only this condition is executed (https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/pool.rs#L224), but for below or equal to lower tick, this isn't the same due to the aforementioned.

Tools Used

Manual analysis

Recommended Mitigation Steps

In the first condition check that current tick is less than or equal to lower.

Assessed type

Context
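
The boundary case discussed in this report, as an added example that is not code from pool.rs or from the reporter: it models the branch order the report describes beside the recommended `<=` variant and computes the token amounts each one yields when the current tick equals lower. The function names, the 100..200 range, the liquidity value and the floating-point Uniswap v3-style amount formulas are assumptions made for illustration.

```rust
// Added illustration: names and formulas are assumptions, not code from pool.rs.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Region { Below, InRange, Above }

// Branch order as the report describes it: `tick < lower`, then `tick < upper`.
fn classify_as_reported(tick: i32, lower: i32, upper: i32) -> Region {
    if tick < lower { Region::Below } else if tick < upper { Region::InRange } else { Region::Above }
}

// Same branches with the report's recommended first check, `tick <= lower`.
fn classify_as_recommended(tick: i32, lower: i32, upper: i32) -> Region {
    if tick <= lower { Region::Below } else if tick < upper { Region::InRange } else { Region::Above }
}

// sqrt(1.0001^tick) in floating point (assumption: Uniswap v3-style tick base).
fn sqrt_price_at(tick: f64) -> f64 { 1.0001f64.powf(tick).sqrt() }

// (amount0, amount1) backing `liq` units of liquidity on the range lower..upper.
fn amounts(region: Region, sqrt_p: f64, lower: i32, upper: i32, liq: f64) -> (f64, f64) {
    let (sl, su) = (sqrt_price_at(lower as f64), sqrt_price_at(upper as f64));
    match region {
        Region::Below => (liq * (1.0 / sl - 1.0 / su), 0.0),
        Region::InRange => (liq * (1.0 / sqrt_p - 1.0 / su), liq * (sqrt_p - sl)),
        Region::Above => (0.0, liq * (su - sl)),
    }
}

fn main() {
    let (lower, upper, liq) = (100, 200, 1_000_000.0);
    let rules: [(&str, fn(i32, i32, i32) -> Region); 2] =
        [("reported", classify_as_reported), ("recommended", classify_as_recommended)];
    // Constructed prices, both with current tick == lower:
    // exactly on the boundary, and half a tick above it.
    for offset in [0.0, 0.5].iter() {
        let sqrt_p = sqrt_price_at(lower as f64 + offset);
        for &(name, rule) in rules.iter() {
            let region = rule(lower, lower, upper);
            let (a0, a1) = amounts(region, sqrt_p, lower, upper, liq);
            println!("{:11} offset={} {:?} amount0={:.4} amount1={:.4}",
                     name, offset, region, a0, a1);
        }
    }
}
```

Under these assumptions the two rules give identical amounts when the price sits exactly on the lower boundary, and differ only once the price has moved inside that tick.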