Ambire

The wallet requires user confirmation before processing each DApp request to every RPC endpoint.

The wallet requires a user connection to access all the RPC endpoints. It prompts a dApp connection request.

When in locked state, it requires users to unlock the wallet to process requests from the dApp to every RPC endpoint.

The wallet does not display a warning when signing EIP-712 messages if the chain ID differs from the currently active chain.

The wallet doesn't support the eth_sign method.

The wallet warns users of domain or scheme mismatches when signing an EIP-4361 message.

The wallet displays a list of connected dApps in their designated section and allows users to remove connections.

The wallet does not offer the ability to list and revoke token approvals.

The wallet switches chains without requesting user confirmation, but when the RPC URL is changed, it requires user confirmation.

The wallet displays the NFT received when providing liquidity to a pool.

When performing an approve transaction with 1inch, the wallet clearly informs spender address, token and amount.

When performing an `eth_personalSign` with a large message, the wallet does not truncate the message. It also displays the verifying contract in an EIP-712 object.

The wallet provides minimal parsing, only slightly improving the JSON view of ERC20 permits and Opensea listings.

The wallet doesn't allow users to send a transaction with invalid checksums.

The wallet prevents users from signing data before reviewing it.

The wallet includes clickable links in the transaction history, but not during the process of sending a transaction.

The wallet requires a password to display mnemonics/private keys.

To lock your wallet, click the three lines menu in the top right corner, then select 'Lock Ambire' at the top of the dropdown menu.

The wallet is configured to never lock by default

The wallet requires at least an 8-character password but allows easy-to-guess passwords.

The wallet allows users to copy mnemonics or private keys to the clipboard for over a minute without explicitly warning them about the risks involved.

The wallet warns users about the risks associated with sharing or revealing mnemonics/private keys and provides information about using mnemonics.

The wallet displays a clear warning message for blacklisted dApps, informing users about the associated risks.

It doesn't warn the user when trying to send funds to the tornado cash attacker address and fails to show the recipient address.

The wallet provides a verification indicator when connecting to UniSwap or 1inch, displaying a green shield on the dApp’s icon to signal that the dApp can be trusted. However, it also displays the same icon for the testing dApp, which is not a recognized dApp.

Through the dApp, the wallet does not warn users when interacting with an unknown or untrusted address. However, within the extension, it clearly displays an alert indicating that it is the first time the user is sending a transaction to that address.

It displays the complete URL of this site: https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/

The wallet displays spam tokens and legitimate ones.

The wallet informs the user, within the connection dialog, that by connecting they are allowing the DApp to view their address, as well as to request transaction approval.