Binance

The wallet supports Wallet Connect and it requires user confirmation before processing each request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet has an embedded browser and it requires user confirmation before processing each DApp request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet implements Wallet Connect and it requires users to unlock it to process requests from dApps to the following RPC endpoints when in a locked state: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet refuses to sign an EIP-712 object with a chainId that does not match the currently active chain.

The wallet does not support the eth_sign method.

The wallet does not warn users of a domain or scheme mismatch when signing an EIP-4361 (Sign in With Ethereum - SIWE) message.

The wallet lists connected dApps and allows effective access revocation.

The wallet offers the ability to list and revoke token approvals via in-app functionality.

The wallet does not ask for user confirmation when switching chains, but it does inform the user during the connection dialog to which networks he will approve connection, if the network is not in the list, then it will not switch to it.

The wallet offers transaction simulation, clearly displaying all incoming and outgoing assets involved in the transaction.

The wallet clearly provides the token, amount, effect and spender address during an approval transaction.

The wallet does not truncate large messages when signing a personal sign request but it does not display the verifying contract of an EIP-712 object.

The wallet does not parse EIP-712 objects and instead displays the raw, unparsed data.

The wallet allows sending transactions to addresses with invalid checksums both through the dApp and manually within the wallet, without issuing any warnings.

The sign buttons are always enabled.

The wallet includes clickable links when viewing transaction history but does not provide any within the transaction details view.

The wallet enforces authentication before displaying the mnemonics and private keys.

The wallet does not feature a manual lock button.

The wallet does not lock itself after one minute of inactivity, when the device gets locked, or when the app is sent to background execution. It supports biometric authentication. It also does not offer any configuration within its settings menu.

The wallet supports biometrics authentication.

The wallet does not allow copying mnemonics to the clipboard and also prevents users from taking screenshots.

The wallet warns users about the risks associated with sharing or revealing mnemonics or private keys.

The wallet does not alert about connections to known phishing dApps.

The wallet clearly warns and refuses to sign a transaction when the user is attempting to send a transaction to a known malicious address, such as the Tornado Cash attacker.

The wallet does not inform users when they are interacting with well-known, verified dApps.

The wallet does not warn users when they interact with an address that is not previously known or trusted if the transaction is sent through a dApp, but it does show an indicator when sending it manually.

The wallet displays the dApp origin URL in full, without truncation, within the connection dialog.

The wallet successfully hides spam or scam tokens and NFTs sent to the wallet.

The wallet does show an information about the connection risks, but does not inform the user that by connecting they are allowing the dApp to view their wallet balance and activity, as well as to request transaction approvals.