feat: add well formed eip155 reference value check to multichain …

…package (#4945)

## Explanation

Fixes bug where `0` prefixed and `e` exponent suffixed eip155 references
were allowed. This PR adds eip155 reference validation against regex.

I'm unsure if this belongs in validation checks, or the supported
checks. Validation checks currently do not check for ecosystem specific
constraints

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Changelog

Package has not been released yet. No changelog necessary

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've highlighted breaking changes using the "BREAKING" category
above as appropriate
- [ ] I've prepared draft pull requests for clients and consumer
packages to resolve any breaking changes

packages/multichain/src/scope/constants.ts

@@ -9,6 +9,15 @@ export enum KnownWalletScopeString {
   Eip155 = 'wallet:eip155',
 }
 
+/**
+ * Regexes defining how references must be formed for non-wallet known CAIP namespaces
+ */
+export const CaipReferenceRegexes: Record<NonWalletKnownCaipNamespace, RegExp> =
+  {
+    eip155: /^(0|[1-9][0-9]*)$/u,
+    bip122: /.*/u,
+  };
+
 /**
  * Methods that do not belong exclusively to any CAIP namespace.
  */

packages/multichain/src/scope/supported.test.ts

@@ -106,6 +106,16 @@ describe('Scope Support', () => {
         false,
       );
     });
+
+    it('returns false for the ethereum namespace when the reference is malformed', () => {
+      const isChainIdSupportedMock = jest.fn().mockReturnValue(true);
+      expect(isSupportedScopeString('eip155:01', isChainIdSupportedMock)).toBe(
+        false,
+      );
+      expect(isSupportedScopeString('eip155:1e1', isChainIdSupportedMock)).toBe(
+        false,
+      );
+    });
   });
 
   describe('isSupportedAccount', () => {

packages/multichain/src/scope/supported.ts

@@ -3,6 +3,7 @@ import type { CaipAccountId, Hex } from '@metamask/utils';
 import { KnownCaipNamespace, parseCaipAccountId } from '@metamask/utils';
 
 import {
+  CaipReferenceRegexes,
   KnownNotifications,
   KnownRpcMethods,
   KnownWalletNamespaceRpcMethods,
@@ -27,7 +28,11 @@ export const isSupportedScopeString = (
     case KnownCaipNamespace.Wallet:
       return !reference || reference === KnownCaipNamespace.Eip155;
     case KnownCaipNamespace.Eip155:
-      return !reference || isChainIdSupported(toHex(reference));
+      return (
+        !reference ||
+        (CaipReferenceRegexes.eip155.test(reference) &&
+          isChainIdSupported(toHex(reference)))
+      );
     default:
       return false;
   }