numotrade / numo2

🤖 Leverage on long-tail tokens.

Lack of validation on token decimals #12

Open robertleifke opened 1 week ago

robertleifke commented 1 week ago

Description:

Users can create pools with decimals that do not reflect the actual decimals the tokens have. This results in the arithmetic being calculated incorrectly.

The Factory contract allows users to set the decimal values for both token0 and token1 tokens in the resulting Lendgine contract when the users call the createLendgine function. The contract does not validate whether these decimal values match the actual number of decimals the token has, allowing an attacker to specify any number between zero and 18.

Action Items:

robertleifke commented 1 week ago

Ensure that all data from user-provided inputs is validated. Write unit tests specifically targeting these inputs to confirm that appropriate protections are in place within the system. This will prevent unexpected behavior from unexpected inputs.
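One way to enforce the check this issue asks for, as an added example that is not code from the numo2 repository: a factory compares the caller-supplied decimals with what each token reports before it creates a pool. `DecimalsCheck`, `FactorySketch`, `createPool` and the error names are hypothetical, and the upper bound of 18 is taken from the range mentioned in the issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example with hypothetical names; not the project's Factory.
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

library DecimalsCheck {
    error DecimalsUnavailable(address token);
    error DecimalsOutOfRange(address token, uint256 actual);
    error DecimalsMismatch(address token, uint8 supplied, uint8 actual);

    /// Reads decimals() defensively. The getter is optional in ERC-20, so a
    /// missing or malformed answer reverts instead of falling back to a default.
    function readDecimals(address token) internal view returns (uint8) {
        // A staticcall to an address without code succeeds with empty data.
        if (token.code.length == 0) revert DecimalsUnavailable(token);
        (bool ok, bytes memory ret) =
            token.staticcall(abi.encodeWithSelector(IERC20Decimals.decimals.selector));
        if (!ok || ret.length < 32) revert DecimalsUnavailable(token);
        // Decode as uint256 so an oversized value is rejected, not truncated.
        uint256 raw = abi.decode(ret, (uint256));
        if (raw > 18) revert DecimalsOutOfRange(token, raw); // assumed bound
        return uint8(raw);
    }

    /// Reverts unless the supplied value equals what the token reports.
    function requireMatch(address token, uint8 supplied) internal view {
        uint8 actual = readDecimals(token);
        if (actual != supplied) revert DecimalsMismatch(token, supplied, actual);
    }
}

contract FactorySketch {
    event PoolCreated(address token0, address token1, uint8 dec0, uint8 dec1);

    function createPool(address token0, address token1, uint8 dec0, uint8 dec1)
        external
    {
        DecimalsCheck.requireMatch(token0, dec0);
        DecimalsCheck.requireMatch(token1, dec1);
        // Pool deployment would follow here, using the verified values.
        emit PoolCreated(token0, token1, dec0, dec1);
    }
}
```

Unit tests for this check would cover a matching value, a mismatching value, a token without a `decimals()` getter, and an address with no code.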