Bitget

The wallet requires user confirmation before processing each dApp request.

The wallet requires a user connection to access the RPC endpoints.

The wallet requires the user to unlock it before processing each request.

The wallet doesn't allow signing an EIP-712 message with a chainId that does not match the currently active chain.

The eth_sign method is enabled and functional.

The wallet does not warn users of a domain or scheme mismatch when signing a SIWE message.

The wallet provides a list of connected dApps and offers users the option to revoke access to all of them or revoke them individually. This function works properly, effectively disconnecting from the selected dApp.

The wallet includes a section to revoke token allowances under the Tools tab, labeled as Approval Checker. This link redirects users to a website where they can manage and revoke token approvals.

The wallet requires user confirmation before processing the wallet_switchEthereumChain RPC request from the dApp.

The wallet fails to display all incoming and outgoing assets in both liquidity pool additions and swaps.

The wallet does not inform the spender contract address.

The wallet displays large messages in personal sign requests without truncation, but fails to show the verifying contract in the EIP-712 object.

The wallet displays EIP-712 objects as plain data without parsing them.

The wallet prevents sending transactions to invalid checksum addresses both via dApps and manually.

The sign button is available from the start.

The wallet provides clickable links in the history but not in the transaction preview.

The wallet requires the user to enter their password before revealing the recovery phrase or private keys.

The wallet provides a manual lock button in the top right corner of the Discover tab.

By default automatically locks itself after 30 minutes of inactivity.

The wallet enforces an 8-digit password but permits easily guessable ones like "12345678."

The wallet doesn't allow users to copy mnemonics and private keys to the clipboard and does not explicitly warn them about the risks associated with copying them.

The wallet displays a warning to the user about the risks associated with sharing their recovery phrase or private keys.

The wallet did not issue any warnings when attempting to connect to a deceptive dApp.

The wallet failed to issue warnings when attempting to send funds to the Tornado Cash attacker address.

The wallet does not feature a verified domain indicator for well-known dApps.

The wallet does not inform the user that he is interacting with an unknown address.

The wallet truncates the URL of the dApp the user is attempting to connect to.

The wallet does not filter out scam or spam NFTs.

The wallet clearly informs users, within the connection dialog, that by connecting they are allowing the dApp to view all their information on the Ethereum network, as well as to request transaction approvals.