Ticks can get out of range during deposit/withdrawal

Summary

The _setTicks function is intended to adjust the tick positions for the main and alternative liquidity positions within the strategy to maximize the reward received for providing liquidity. However, there is a potential issue where the _setTicks function is not called before deposit and withdrawal, leading to a situation where the liquidity positions could fall outside the optimal range of ticks.

Vulnerability Detail

The issue arises in the withdraw/deposit functions. Depending on the width of the ticks range, tokens value can easily become out of range due to a large delta position. While there is an implementation for rebalancers to adjust the tick, there need to be an assurance when liquidity is added that liquidity is not added to an out of range position.

Impact

Medium impact as it leads to reduced rewards as positions out of range do not accrue rewards.

Code Snippet

https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L226-L240

Tool used

Manual Review

Recommendation

Add _setTicks in _addLiquidity like below

function _addLiquidity() private {
        _whenStrategyNotPaused();
        _setTicks();

        (uint256 bal0, uint256 bal1) = balancesOfThis();

        int24 mainLower = positionMain.tickLower;
        int24 mainUpper = positionMain.tickUpper;
        int24 altLower = positionAlt.tickLower;
        int24 altUpper = positionAlt.tickUpper;

Duplicate of #63

sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging

John_Femi - Ticks can get out of range during deposit/withdrawal #125