fix: support fallback to sequential batch (MetaMask#17449)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

This PR aims to apply fixes implemented in Transaction controller to
v59.0.0.

- add support for the scenario when STX is disable for batch transaction
it now returns undefined and this is handle in the transaction
controller (MetaMask/core#6063) using the
fallback to sequential batch.
- updates the `getMethodName` utility to normalise the transaction data
to lowercase before comparing it against known ABI method selectors.
[PR](MetaMask/core#6102)

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: Added normalization to the `getMethodName` utility to
normalise the transaction data to lowercase before comparing it against
known ABI method selectors.

## **Related issues**

Fixes: MetaMask/MetaMask-planning#5301 and
MetaMask/MetaMask-planning#5338

## **Manual testing steps**

1. Open the MetaMask mobile wallet (Android or iOS).
2. Navigate to the dApp:
[https://pocs.neplox.security/metamask-mobile-hack13378158bfadd32/](https://pocs.neplox.security/metamask-mobile-hack13378158bfadd32/)
3. Connect your wallet to the dApp.
4. Trigger the malicious transaction by invoking the `sendTransaction()`
function from the page.
5. Observe the transaction preview in MetaMask:
   - No spending cap warning
   - Missing token name
- Unresolved "to" address (even if it's a well-known address like USDC)
   - Generic "Approve" label shown without context.

## **Screenshots/Recordings**


[spend_cap_2.webm](https://github.com/user-attachments/assets/6ffef452-13ce-4f22-9e71-41dd9f03f781)



[sequential_fallback.webm](https://github.com/user-attachments/assets/f6e9c3a3-03ea-4ada-b2a2-9364aaef6544)

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I’ve followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

Author: vinistevam

app/core/Engine/controllers/transaction-controller/transaction-controller-init.ts

@@ -221,9 +221,7 @@ function publishBatchSmartTransactionHook({
     getSmartTransactionCommonParams(state, transactionMeta.chainId);
 
   if (!shouldUseSmartTransaction) {
-    throw new Error(
-      'publishBatchSmartTransactionHook: Smart Transaction is required for batch submissions',
-    );
+    return Promise.resolve(undefined);
   }
 
   return submitBatchSmartTransactionHook({

app/util/transactions/index.js

@@ -275,7 +275,7 @@ export function generateTransferData(type = undefined, opts = {}) {
  * @returns {string | undefined} The four-byte signature if data is provided, otherwise undefined.
  */
 export function getFourByteSignature(data) {
-  return data?.substring(0, 10);
+  return data?.substring(0, 10)?.toLowerCase();
 }
 
 /**
@@ -376,6 +376,15 @@ export function decodeTransferData(type, data) {
   }
 }
 
+/**
+ * Normalizes a hexadecimal string to lowercase.
+ * @param {string} hexString - The hexadecimal string to normalize.
+ * @returns {string} - The normalized lowercase hexadecimal string.
+ */
+function normalizeHex(hexString) {
+  return hexString?.toLowerCase() || '';
+}
+
 /**
  * @typedef {Object} MethodData
  * @property {string} name - The method name
@@ -389,20 +398,30 @@ export function decodeTransferData(type, data) {
  */
 export async function getMethodData(data, networkClientId) {
   if (data.length < 10) return {};
-  const fourByteSignature = getFourByteSignature(data);
-  if (fourByteSignature === TRANSFER_FUNCTION_SIGNATURE) {
+
+  const fourByteSignature = normalizeHex(getFourByteSignature(data));
+
+  if (fourByteSignature === normalizeHex(TRANSFER_FUNCTION_SIGNATURE)) {
     return { name: TOKEN_METHOD_TRANSFER };
-  } else if (fourByteSignature === TRANSFER_FROM_FUNCTION_SIGNATURE) {
+  } else if (
+    fourByteSignature === normalizeHex(TRANSFER_FROM_FUNCTION_SIGNATURE)
+  ) {
     return { name: TOKEN_METHOD_TRANSFER_FROM };
-  } else if (fourByteSignature === APPROVE_FUNCTION_SIGNATURE) {
+  } else if (fourByteSignature === normalizeHex(APPROVE_FUNCTION_SIGNATURE)) {
     return { name: TOKEN_METHOD_APPROVE };
-  } else if (fourByteSignature === INCREASE_ALLOWANCE_SIGNATURE) {
+  } else if (fourByteSignature === normalizeHex(INCREASE_ALLOWANCE_SIGNATURE)) {
     return { name: TOKEN_METHOD_INCREASE_ALLOWANCE };
-  } else if (fourByteSignature === SET_APPROVAL_FOR_ALL_SIGNATURE) {
+  } else if (
+    fourByteSignature === normalizeHex(SET_APPROVAL_FOR_ALL_SIGNATURE)
+  ) {
     return { name: TOKEN_METHOD_SET_APPROVAL_FOR_ALL };
-  } else if (data.substr(0, 32) === CONTRACT_CREATION_SIGNATURE) {
+  } else if (
+    normalizeHex(data.substr(0, 32)) ===
+    normalizeHex(CONTRACT_CREATION_SIGNATURE)
+  ) {
     return { name: CONTRACT_METHOD_DEPLOY };
   }
+
   // If it's a new method, use on-chain method registry
   try {
     const registryObject = await handleMethodData(

app/util/transactions/index.test.ts

@@ -526,6 +526,14 @@ describe('Transactions utils :: getMethodData', () => {
       MOCK_NETWORK_CLIENT_ID,
     );
   });
+
+  it('calls handleMethodData with normalized 4-byte data', async () => {
+    const transferData =
+      '0xA9059CBB00000000000000000000000056ced0d816c668d7c0bcc3fbf0ab2c6896f589a';
+    const result = await getMethodData(transferData, MOCK_NETWORK_CLIENT_ID);
+
+    expect(result.name).toStrictEqual(TOKEN_METHOD_TRANSFER);
+  });
 });
 
 describe('Transactions utils :: getActionKey', () => {