code-423n4 / 2021-08-notional-findings


Unclear decimals value in `cTokenAggregator` #70

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The `cTokenAggregator.decimals` value is set to 18, but cTokens only have 8 decimals. It's unclear what this decimals field refers to.

Recommended Mitigation Steps

If it should refer to the cToken decimals, it's wrong and should be set to 8. This value is not used inside the contract but it's public and anyone can read it.

jeffywu commented 3 years ago

Decimals refers to the decimals in the exchange rate, but we should add a comment here. Agree it is confusing.