fix: Inspect wallet_invokeMethod requests before sending (#3819)

Inspect payloads for `wallet_invokeMethod` to ensure that blocked RPC
methods remain blocked. We block a subset of the RPC methods blocked in
the EIP-1193 provider for the multichain API, but notably unblock
`eth_signTransaction`.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Strengthens multichain request validation and tests.
> 
> - Adds `assertMultichainOutboundRequest` and invokes it for
`snap.request` multichain calls; inspects `wallet_invokeMethod` payloads
and blocks `snap_*` and a defined subset of sensitive RPC methods
> - Updates `BaseSnapExecutor` to route multichain requests through the
new validator
> - Expands tests: establish session before multichain calls, verify
allowed `eth_chainId`, and assert blocking of
`metamask_sendDomainMetadata`; preserves JSON sanitization checks
> - Slight coverage increase in `coverage.json`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6ff084b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: FrederikBolding

packages/snaps-execution-environments/coverage.json

@@ -1,6 +1,6 @@
 {
   "branches": 90.19,
-  "functions": 94.02,
-  "lines": 90.26,
-  "statements": 89.32
+  "functions": 95.45,
+  "lines": 91.16,
+  "statements": 90.33
 }

packages/snaps-execution-environments/src/common/BaseSnapExecutor.test.browser.ts

@@ -614,7 +614,10 @@ describe('BaseSnapExecutor', () => {
 
   it('supports the multichain API using the snap global', async () => {
     const CODE = `
-      module.exports.onRpcRequest = () => snap.request({ method: 'wallet_invokeMethod', params: { scope: 'eip155:1', request: { method: 'eth_chainId' } } });
+      module.exports.onRpcRequest = async () => {
+        await snap.request({ method: 'wallet_createSession', params: {} });
+        return snap.request({ method: 'wallet_invokeMethod', params: { scope: 'eip155:1', request: { method: 'eth_chainId' } } });
+      };
     `;
 
     const executor = new TestSnapExecutor();
@@ -638,6 +641,17 @@ describe('BaseSnapExecutor', () => {
       ],
     });
 
+    const sessionRequest = await executor.readRpc();
+    await executor.writeRpc({
+      name: 'metamask-multichain-provider',
+      data: {
+        jsonrpc: '2.0',
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: sessionRequest.data.id!,
+        result: { sessionScopes: {} },
+      },
+    });
+
     const multichainRequest = await executor.readRpc();
     expect(multichainRequest).toStrictEqual({
       name: 'metamask-multichain-provider',
@@ -671,6 +685,52 @@ describe('BaseSnapExecutor', () => {
     });
   });
 
+  it('blocks certain RPC methods using the multichain API', async () => {
+    const CODE = `
+      module.exports.onRpcRequest = () => snap.request({ method: 'wallet_invokeMethod', params: { scope: 'eip155:1', request: { method: 'metamask_sendDomainMetadata' } } });
+    `;
+
+    const executor = new TestSnapExecutor();
+    await executor.executeSnap(1, MOCK_SNAP_ID, CODE, []);
+
+    expect(await executor.readCommand()).toStrictEqual({
+      jsonrpc: '2.0',
+      id: 1,
+      result: 'OK',
+    });
+
+    await executor.writeCommand({
+      jsonrpc: '2.0',
+      id: 2,
+      method: 'snapRpc',
+      params: [
+        MOCK_SNAP_ID,
+        HandlerType.OnRpcRequest,
+        MOCK_ORIGIN,
+        { jsonrpc: '2.0', method: '', params: [] },
+      ],
+    });
+
+    expect(await executor.readCommand()).toStrictEqual({
+      jsonrpc: '2.0',
+      id: 2,
+      error: {
+        code: -31001,
+        message: 'Wrapped Snap Error',
+        data: {
+          cause: expect.objectContaining({
+            code: -32601,
+            message: 'The method does not exist / is not available.',
+            data: {
+              cause: null,
+              method: 'metamask_sendDomainMetadata',
+            },
+          }),
+        },
+      },
+    });
+  });
+
   it('sanitizes JSON before checking for blocked methods using snap global', async () => {
     const CODE = `
     const badToJSON = () => {

packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts

@@ -49,6 +49,7 @@ import {
   withTeardown,
   isValidResponse,
   isMultichainRequest,
+  assertMultichainOutboundRequest,
 } from './utils';
 import {
   ExecuteSnapRequestArgumentsStruct,
@@ -547,6 +548,7 @@ export class BaseSnapExecutor {
       assertSnapOutboundRequest(sanitizedArgs);
 
       if (isMultichainRequest(sanitizedArgs)) {
+        assertMultichainOutboundRequest(sanitizedArgs);
         return await withTeardown(
           originalMultichainRequest(sanitizedArgs),
           this as any,

packages/snaps-execution-environments/src/common/utils.ts

@@ -70,6 +70,19 @@ export const MULTICHAIN_API_METHODS = Object.freeze([
   'wallet_revokeSession',
 ]);
 
+// Subset of BLOCKED_RPC_METHODS
+export const BLOCKED_MULTICHAIN_RPC_METHODS = Object.freeze([
+  'wallet_requestPermissions',
+  'wallet_revokePermissions',
+  'eth_decrypt',
+  'eth_getEncryptionPublicKey',
+  'metamask_sendDomainMetadata',
+  'wallet_addEthereumChain',
+  'wallet_watchAsset',
+  'wallet_registerOnboarding',
+  'wallet_scanQRCode',
+]);
+
 /**
  * Check whether a validated request should be routed to the multichain API.
  *
@@ -80,6 +93,45 @@ export function isMultichainRequest(args: RequestArguments) {
   return MULTICHAIN_API_METHODS.includes(args.method);
 }
 
+/**
+ * Asserts the validity of request arguments for a multichain outbound request using the `snap.request` API.
+ *
+ * @param args - The arguments to validate.
+ */
+export function assertMultichainOutboundRequest(args: RequestArguments) {
+  if (args.method !== 'wallet_invokeMethod') {
+    return;
+  }
+
+  // For `wallet_invokeMethod`, we need to inspect the parameters to determine
+  // if the Snap is requesting a blocked RPC method.
+  assert(
+    isObject(args.params) &&
+      isObject(args.params.request) &&
+      typeof args.params.request.method === 'string',
+    rpcErrors.invalidParams(),
+  );
+
+  const innerMethod = args.params.request.method;
+
+  assert(
+    !String.prototype.startsWith.call(innerMethod, 'snap_'),
+    rpcErrors.methodNotFound({
+      data: {
+        method: innerMethod,
+      },
+    }),
+  );
+  assert(
+    !BLOCKED_MULTICHAIN_RPC_METHODS.includes(innerMethod),
+    rpcErrors.methodNotFound({
+      data: {
+        method: innerMethod,
+      },
+    }),
+  );
+}
+
 /**
  * Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.
  *