chore(runway): cherry-pick fix: fix block explorer redirection cp-7.74.0

[runway-github]

• fix: fix block explorer redirection cp-7.74.0 (fix: fix block explorer redirection cp-7.74.0 #28966)

Description

Fixes the block explorer URL generation for Solana SPL tokens in the
Security Trust screen. The params.address contains a full CAIP asset
type ID (e.g.,
solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/token:USD1ttGY1N17NEEHLmELoaybftRBUSErhqYiQzvEmuB)
but the block explorer URL template expects just the raw token address.

This change extracts the assetReference from the CAIP asset type before
passing it to getBlockExplorerTokenUrl.

Changelog

CHANGELOG entry: Fix block explorer redirection for solana.

Related issues

Fixes:
https://consensyssoftware.atlassian.net/browse/ASSETS-3076?focusedCommentId=412599

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Screen.Recording.2026-04-17.at.11.51.22.mov

Pre-merge author checklist

• I've followed MetaMask Contributor
  Docs and MetaMask Mobile
  Coding
  Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format
  if applicable
• I've applied the right labels on the PR (see labeling
  guidelines).
  Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
• Use these power-user
  SRPs
  to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production
  performance metrics
• See trace() for usage and
  addToken
  for an example

For performance guidelines and tooling, see the Performance
Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the
  app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described
  in the ticket it closes and includes the necessary testing evidence such
  as recordings and or screenshots.

---

Note

Low Risk
Low risk: a small, localized change to external link URL generation
plus targeted unit tests; main risk is incorrect CAIP parsing leading to
broken explorer links for some non-EVM assets.

Overview
Fixes block explorer redirection from SecurityTrustScreen by
detecting CAIP asset type addresses and passing only the parsed
assetReference (e.g., Solana mint) into getBlockExplorerTokenUrl
instead of the full CAIP identifier.

Updates SecurityTrustScreen.test.tsx to make route params
configurable and adds assertions that EVM addresses are passed through
unchanged while Solana CAIP addresses are correctly parsed before URL
generation (with useBlockExplorer now mocked to verify calls).

^{Reviewed by Cursor Bugbot for commit
a5464e1. Bugbot is set up for automated
code reviews on this repo. Configure
here.}

[47ee978](https://github.com/MetaMask/metamask-mobile/commit/47ee978dc26bedfbaf8b7c63bee45ff9115e2bc3)

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

⏭️ Smart E2E selection skipped - PR targets a release branch (release/*)

All E2E tests pre-selected.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
11 value mismatches detected (expected — fixture represents an existing user).
View details

[chloeYue]

LGTM