The smart contract doesn't behave correctly if deployed with token that have decimals > 18.
Proof of Concept
The functions tokenToWad and wadToToken revert if the tokenDecimals is > 18.
These functions are called in critical places like deposit() and withdraw.
Recommended Mitigation Steps
Consider checking in the constructor that _tokenDecimals is <= 18.
Handle
s1m0
Vulnerability details
Impact
The smart contract doesn't behave correctly if deployed with token that have decimals > 18.
Proof of Concept
The functions tokenToWad and wadToToken revert if the tokenDecimals is > 18. These functions are called in critical places like deposit() and withdraw.
Recommended Mitigation Steps
Consider checking in the constructor that _tokenDecimals is <= 18.