From e1243a1664847626f1f922d1cae7311b887a45dd Mon Sep 17 00:00:00 2001
From: jiexi <jiexiluan@gmail.com>
Date: Tue, 19 Nov 2024 14:46:20 -0800
Subject: [PATCH] feat: add well formed `eip155` reference value check to
 `multichain` package (#4945)

## Explanation

Fixes bug where `0` prefixed and `e` exponent suffixed eip155 references
were allowed. This PR adds eip155 reference validation against regex.

I'm unsure if this belongs in validation checks, or the supported
checks. Validation checks currently do not check for ecosystem specific
constraints

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Changelog

Package has not been released yet. No changelog necessary

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've highlighted breaking changes using the "BREAKING" category
above as appropriate
- [ ] I've prepared draft pull requests for clients and consumer
packages to resolve any breaking changes
---
 packages/multichain/src/scope/constants.ts      |  9 +++++++++
 packages/multichain/src/scope/supported.test.ts | 10 ++++++++++
 packages/multichain/src/scope/supported.ts      |  7 ++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/packages/multichain/src/scope/constants.ts b/packages/multichain/src/scope/constants.ts
index 8610638b5df..6a9427fd4f0 100644
--- a/packages/multichain/src/scope/constants.ts
+++ b/packages/multichain/src/scope/constants.ts
@@ -9,6 +9,15 @@ export enum KnownWalletScopeString {
   Eip155 = 'wallet:eip155',
 }
 
+/**
+ * Regexes defining how references must be formed for non-wallet known CAIP namespaces
+ */
+export const CaipReferenceRegexes: Record<NonWalletKnownCaipNamespace, RegExp> =
+  {
+    eip155: /^(0|[1-9][0-9]*)$/u,
+    bip122: /.*/u,
+  };
+
 /**
  * Methods that do not belong exclusively to any CAIP namespace.
  */
diff --git a/packages/multichain/src/scope/supported.test.ts b/packages/multichain/src/scope/supported.test.ts
index fd488cfd719..4f431110b70 100644
--- a/packages/multichain/src/scope/supported.test.ts
+++ b/packages/multichain/src/scope/supported.test.ts
@@ -106,6 +106,16 @@ describe('Scope Support', () => {
         false,
       );
     });
+
+    it('returns false for the ethereum namespace when the reference is malformed', () => {
+      const isChainIdSupportedMock = jest.fn().mockReturnValue(true);
+      expect(isSupportedScopeString('eip155:01', isChainIdSupportedMock)).toBe(
+        false,
+      );
+      expect(isSupportedScopeString('eip155:1e1', isChainIdSupportedMock)).toBe(
+        false,
+      );
+    });
   });
 
   describe('isSupportedAccount', () => {
diff --git a/packages/multichain/src/scope/supported.ts b/packages/multichain/src/scope/supported.ts
index 7bb21e36525..e05e2c4dbfb 100644
--- a/packages/multichain/src/scope/supported.ts
+++ b/packages/multichain/src/scope/supported.ts
@@ -3,6 +3,7 @@ import type { CaipAccountId, Hex } from '@metamask/utils';
 import { KnownCaipNamespace, parseCaipAccountId } from '@metamask/utils';
 
 import {
+  CaipReferenceRegexes,
   KnownNotifications,
   KnownRpcMethods,
   KnownWalletNamespaceRpcMethods,
@@ -27,7 +28,11 @@ export const isSupportedScopeString = (
     case KnownCaipNamespace.Wallet:
       return !reference || reference === KnownCaipNamespace.Eip155;
     case KnownCaipNamespace.Eip155:
-      return !reference || isChainIdSupported(toHex(reference));
+      return (
+        !reference ||
+        (CaipReferenceRegexes.eip155.test(reference) &&
+          isChainIdSupported(toHex(reference)))
+      );
     default:
       return false;
   }