If 2 tokens have different decimals, price returned from `_getReferencePoolPriceX96()` can be wrong

[c4-bot-10]

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Oracle.sol#L359-#L374

Vulnerability details

Vulnerability detail

Function _getReferencePoolPriceX96() is used to return price of the pool:

function _getReferencePoolPriceX96(IUniswapV3Pool pool, uint32 twapSeconds) internal view returns (uint256) {
    uint160 sqrtPriceX96;
    // if twap seconds set to 0 just use pool price
    if (twapSeconds == 0) {
        (sqrtPriceX96,,,,,,) = pool.slot0();
    } else {
        uint32[] memory secondsAgos = new uint32[](2);
        secondsAgos[0] = 0; // from (before)
        secondsAgos[1] = twapSeconds; // from (before)
        (int56[] memory tickCumulatives,) = pool.observe(secondsAgos); // pool observe may fail when there is not enough history available (only use pool with enough history!)
        int24 tick = int24((tickCumulatives[0] - tickCumulatives[1]) / int56(uint56(twapSeconds)));
        sqrtPriceX96 = TickMath.getSqrtRatioAtTick(tick);
    }

    return FullMath.mulDiv(sqrtPriceX96, sqrtPriceX96, Q96);
}

It is assumed that both tokens have same decimals. If a pool have 2 tokens that have decimals (example: weth/usdc), price return will be bigger alot than it should. Issue that related to different decimals is also discussed at here

Impact

Price will be wrongly returned, lead to unexpected result

Tools Used

Manual review

Recommended Mitigation Steps

Checking decimals of both tokens in the pool and adjust the price returned based on them

Assessed type

Other

[c4-pre-sort]

0xEVom marked the issue as sufficient quality report

[c4-pre-sort]

0xEVom marked the issue as insufficient quality report

[0xEVom]

Price is denominated in wei, not in the decimals of the assets.

[c4-judge]

jhsagd76 marked the issue as unsatisfactory: Invalid