function _normalizeDecimals only normalizes amounts of tokens that have less than 18 decimals. Tokens that have more than 18 decimals are not handled by this function. Some tokens can have more than 18 decimals, e.g. YAM-V2 has 24. I didn't get an answer on Discord about this so submitting anyway and you can decide if that's an issue or intended behavior.
Recommended Mitigation Steps
Consider handling cases of tokens with >18 decimals.
Handle
pauliax
Vulnerability details
Impact
function _normalizeDecimals only normalizes amounts of tokens that have less than 18 decimals. Tokens that have more than 18 decimals are not handled by this function. Some tokens can have more than 18 decimals, e.g. YAM-V2 has 24. I didn't get an answer on Discord about this so submitting anyway and you can decide if that's an issue or intended behavior.
Recommended Mitigation Steps
Consider handling cases of tokens with >18 decimals.