`_getOnchainPrice` will return a price with 28 decimals rather than 18

Summary

_getOnchainPrice will return a price with 28 decimals rather than 18.

Vulnerability Detail

_getOnchainPrice expects that the value returned by Chainlink oracle will have 8 decimals and hence multiplies the value with 10^10 to have 18 decimals. But, this is not always the case. Chainlink oracles also return prices with 18 decimals. This is the case with the reth oracle on base. It has 18 decimals and hence the multiplication with 10^10 will give out a price of 28 decimals which is incorrect. Check the oracle here - https://docs.chain.link/data-feeds/price-feeds/addresses?network=base&page=1&search=reth

Impact

The wrong price value is used by the protocol.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/OracleModule.sol#L138C1-L158C1

Tool used

Manual Review

Recommendation

Multiply the price value with the correct number of decimals to get price in terms of 18 decimals.

Duplicate of #279

sherlock-audit / 2023-12-flatmoney-judging

ni8mare - `_getOnchainPrice` will return a price with 28 decimals rather than 18 #238

`_getOnchainPrice` will return a price with 28 decimals rather than 18

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-12-flatmoney-judging

ni8mare - `_getOnchainPrice` will return a price with 28 decimals rather than 18 #238

_getOnchainPrice will return a price with 28 decimals rather than 18

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

`_getOnchainPrice` will return a price with 28 decimals rather than 18