Conversion between different units does not account for token decimals
Description
The functions _borrow and _repay in the hook contracts are used to borrow and repay to Aave.
Taking an example of _repay, this function calculates the amount to be repaid using balanceOf on the variable debt token as well as the current balance of borrow tokens using balanceOf on the borrow token.
If the amount to be repaid is greater than the current balance of borrow tokens, the function _swapForMissingBorrowToken withdraws the deposit token and swaps these tokens to borrow tokens to repay the amount to Aave.
The amount to be withdrawn is calculated by the following code:
function _swapForMissingBorrowToken(
address borrowToken,
uint256 amountNeeded
) internal {
ERC20 depositToken = strategyDepositToken;
uint256 exchangeRate = (aaveOracle.getAssetPrice(borrowToken) *
105e16) / aaveOracle.getAssetPrice(address(depositToken));
uint256 amountToWithdraw = ((exchangeRate * amountNeeded) / 1e18);
_withdraw(amountToWithdraw, false);
_swap(amountToWithdraw, depositToken, 1);
}Although this would work if both tokens are of the same decimals, there would be an issue if these tokens (depositToken and borrowToken) are of different decimals.
For example, if borrowToken is ETH and depositToken is USDC, and the amountNeeded is 100 ETH, assuming the price of ETH to be $1,200, the value of amountToWithdraw would be calculated as 126,000e18 whereas it should be 126,000e6.
The same issue is also present in the _repay function.
Impact
Incorrect decimal conversion might lead to incorrect values during _borrow and _repay.
Recommendations
Take into account the decimals for all the tokens while such conversions take place.