fix: check return value from transfer funds (#1351)

Author: karlem

contracts/contracts/gateway/GatewayManagerFacet.sol

@@ -103,7 +103,7 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
         // Release fund flows from Gateway -> SubnetActor -> ReleaseQueue (Locking) -> Validator.
         // Because msg.sender is actually the subnet actor, this method sends the fund back to
         // the subnet actor caller.
-        SubnetActorGetterFacet(msg.sender).collateralSource().transferFunds(payable(msg.sender), amount);
+        SubnetActorGetterFacet(msg.sender).collateralSource().safeTransferFunds(payable(msg.sender), amount);
     }
 
     /// @notice kill an existing subnet.
@@ -126,7 +126,7 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
         delete s.subnets[id];
 
         s.subnetKeys.remove(id);
-        SubnetActorGetterFacet(msg.sender).collateralSource().transferFunds(payable(msg.sender), stake);
+        SubnetActorGetterFacet(msg.sender).collateralSource().safeTransferFunds(payable(msg.sender), stake);
 
         emit SubnetDestroyed(subnet.id);
     }

contracts/contracts/lib/AssetHelper.sol

@@ -14,6 +14,8 @@ library AssetHelper {
     using ExcessivelySafeCall for address;
     using SafeERC20 for IERC20;
 
+    error TransferFailed(address, address, uint256);
+
     uint16 constant private MAX_MEMORY_SIZE = 128;
 
     /// @notice Assumes that the address provided belongs to a subnet rooted on this network,
@@ -82,6 +84,19 @@ library AssetHelper {
         }
     }
 
+    /// @notice Transfers the specified amount out of our treasury to the recipient address. Reverts on failure.
+    function safeTransferFunds(Asset memory asset,
+        address payable recipient,
+        uint256 value
+    ) internal returns (bytes memory) {
+        (bool success, bytes memory ret) = transferFunds(asset, recipient, value);
+        if (!success) {
+            revert TransferFailed(address(this), recipient, value);
+        }
+
+        return ret;
+    }
+
     /// @notice Wrapper for an IERC20 transfer that bubbles up the success or failure
     /// and the return value instead of reverting so a cross-message receipt can be
     /// triggered from the execution.