evm: Explicitly check staticcalls (#375)

* evm: Explicitly check staticcalls

* Add check to test helper

* Add negative test

Author: djb15

evm/src/NttManager/NttManager.sol

@@ -531,7 +531,13 @@ contract NttManager is INttManager, RateLimiter, ManagerBase {
     }
 
     function tokenDecimals() public view override(INttManager, RateLimiter) returns (uint8) {
-        (, bytes memory queriedDecimals) = token.staticcall(abi.encodeWithSignature("decimals()"));
+        (bool success, bytes memory queriedDecimals) =
+            token.staticcall(abi.encodeWithSignature("decimals()"));
+
+        if (!success) {
+            revert StaticcallFailed();
+        }
+
         return abi.decode(queriedDecimals, (uint8));
     }
 
@@ -572,8 +578,13 @@ contract NttManager is INttManager, RateLimiter, ManagerBase {
         address tokenAddr,
         address accountAddr
     ) internal view returns (uint256) {
-        (, bytes memory queriedBalance) =
+        (bool success, bytes memory queriedBalance) =
             tokenAddr.staticcall(abi.encodeWithSelector(IERC20.balanceOf.selector, accountAddr));
+
+        if (!success) {
+            revert StaticcallFailed();
+        }
+
         return abi.decode(queriedBalance, (uint256));
     }
 }

evm/src/interfaces/INttManager.sol

@@ -117,6 +117,10 @@ interface INttManager is IManagerBase {
     /// @notice Peer cannot have zero decimals.
     error InvalidPeerDecimals();
 
+    /// @notice Staticcall reverted
+    /// @dev Selector 0x1222cd83
+    error StaticcallFailed();
+
     /// @notice Error when someone other than the original sender tries to cancel a queued outbound transfer.
     /// @dev Selector 0xceb40a85.
     /// @param canceller The address trying to cancel the transfer.

evm/src/mocks/DummyToken.sol

@@ -54,3 +54,13 @@ contract DummyTokenDifferentDecimals is DummyTokenMintAndBurn {
         return _decimals;
     }
 }
+
+contract DummyTokenBroken is DummyToken {
+    function decimals() public pure override returns (uint8) {
+        revert("broken decimals");
+    }
+
+    function balanceOf(address) public pure override returns (uint256) {
+        revert("broken balanceOf");
+    }
+}

evm/test/NttManager.t.sol

@@ -230,6 +230,22 @@ contract TestNttManager is Test, IRateLimiterEvents {
         assertEq(nttManager.isPaused(), false);
     }
 
+    // === deployment with invalid token
+    function test_brokenToken() public {
+        DummyToken t = new DummyTokenBroken();
+        NttManager implementation = new MockNttManagerContract(
+            address(t), IManagerBase.Mode.LOCKING, chainId, 1 days, false
+        );
+
+        NttManager newNttManager =
+            MockNttManagerContract(address(new ERC1967Proxy(address(implementation), "")));
+        vm.expectRevert(abi.encodeWithSelector(INttManager.StaticcallFailed.selector));
+        newNttManager.initialize();
+
+        vm.expectRevert(abi.encodeWithSelector(INttManager.StaticcallFailed.selector));
+        newNttManager.transfer(1, 1, bytes32("1"));
+    }
+
     // === transceiver registration
 
     function test_registerTransceiver() public {

evm/test/libraries/NttManagerHelpers.sol

@@ -4,6 +4,7 @@ pragma solidity >=0.8.8 <0.9.0;
 
 import "../../src/libraries/TrimmedAmount.sol";
 import "../../src/NttManager/NttManager.sol";
+import "../../src/interfaces/INttManager.sol";
 
 library NttManagerHelpersLib {
     uint16 constant SENDING_CHAIN_ID = 1;
@@ -16,8 +17,13 @@ library NttManagerHelpersLib {
         NttManager recipientNttManager,
         uint8 decimals
     ) internal {
-        (, bytes memory queriedDecimals) =
+        (bool success, bytes memory queriedDecimals) =
             address(nttManager.token()).staticcall(abi.encodeWithSignature("decimals()"));
+
+        if (!success) {
+            revert INttManager.StaticcallFailed();
+        }
+
         uint8 tokenDecimals = abi.decode(queriedDecimals, (uint8));
         recipientNttManager.setPeer(
             SENDING_CHAIN_ID, toWormholeFormat(address(nttManager)), tokenDecimals, type(uint64).max