In latestAnswer(), the assumption is made that TOKEN_DECIMALS is less than 18.
Add a simple check to the constructor to ensure the added token has 18 decimals or less
- ConsenSys Audit Aave CPM Finding 6.2
- Specification Input Validation
- Token Decimals > 18 -> Underflow
- Validate or Document
- Design Assumption