1inch

The wallet requires user confirmation before processing each request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet requires user confirmation before processing each DApp request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet requires users to unlock it to process requests from dApps to the following RPC endpoints when in a locked state: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet does not warn the user when attempting to sign an EIP-712 object whose chain ID does not match the currently active chain.

The wallet allows the use of the eth_sign method but internally converts it to personal_sign with the message encoded as bytes.

The wallet warns users of a domain or scheme mismatch when signing an EIP-4361 (Sign in With Ethereum - SIWE) message.

The wallet provides a list of connected dApps and allows users to revoke access either individually or all at once.

The wallet does not provide a built-in feature or a link to an external dApp for revoking token approvals.

The wallet does not prompt the user for confirmation when switching networks, and it does not provide a way to modify networks within the connection dialog.

The wallet does not provide a transaction simulation when attempting to sign or before executing a transaction.

The wallet clearly informs the token, amount, effect and spender address within the approval transaction view.

The wallet does not truncate large messages when signing a personal sign request and also displays the verifying contract of an EIP-712 object under “More details.”

The wallet displays EIP-712 objects as plain data.

The wallet does not display any warning when attempting to send a transaction to an invalid checksumed address, whether through a dApp or when sending manually.

The sign button is available from the start.

The wallet includes clickable links in both the transaction preview and the wallet history.

The wallet enforces authentication to display the mnemonics or private keys.

The wallet does not include a manual lock button to lock the wallet.

The wallet has an auto-lock option called "timeout," which locks the wallet immediately by default. It locks right after minimizing, when the device is locked, or upon fully exiting the app.

The wallet supports biometrics, which users can opt out of. It allows an easy-to-guess six-digit PIN as a passphrase and limits authentication attempts to five.

The wallet does not allow users to copy mnemonics to the clipboard and prevents taking screenshots.

Although the wallet includes a small warning message, it does not explicitly warn users about the risks of sharing their mnemonics.

The wallet alerts users when attempting to connect to known phishing dApps.

The wallet displays a clear warning when interacting with a known scam address, such as the Tornado Cash attacker.

The wallet does not display any verification indicator in the connection dialog when attempting to connect to a well-known, verified dApp.

The wallet does not warn the user when they are not interating with a previously known or trusted address.

The wallet does not display the dApp URL at all.

The wallet successfully filters out scam and spam NFTs and tokens.

The wallet clearly informs users, within the connection dialog, that by connecting they are allowing the dApp to view their wallet balance and activity, as well as to request transaction approvals.