Bitget

The wallet breaks the connection and fails to process the wallet_watchAsset RPC endpoint properly, yet it still requires user confirmation for other DApp requests.

The wallet has an embedded browser, it requires user confirmation before processing each DApp request

Doesn't have a lock button; it's impossible to lock the wallet but requires the face id in every transaction.

The wallet only in eth allows signing an EIP-712 object even if the chainId does not match the active chain.

The wallet does not support the eth_sign method.

The wallet does not warn users of a domain or scheme mismatch when signing SIWE message.

The wallet displays a list of connected DApps and allows users to revoke access either individually or all at once.

The wallet offers the ability to list and revoke token approvals via in-app functionality.

The wallet switches chains, requiring user confirmation.

The wallet displays incoming or outgoing assets for pool requests.

The wallet provides a clear interface for users to review the approved transaction details.

The wallet displays large messages in personal sign requests without truncation, but doesn't show the verifying contract in the EIP-712 object.

The wallet displays EIP-712 objects as plain data without parsing them.

The wallet allows transactions to addresses with invalid checksums by auto-correcting them when provided by a DApp. When the address is entered manually, it shows an invalid address alert.

The sign button is available from the start.

The wallet provides clickable links in both historical transactions and transaction previews.

The wallet prompts the user's face id before displaying the recovery phrase.

The wallet doesn't include a manual lock option within the settings menu.

The wallet doesn't include an auto-lock feature, and takes more than a minute to auto-lock

The wallet supports biometrics and mandates its use once enabled, without requiring a password or passcode.

The wallet doesn't allow copying mnemonics or private keys to the clipboard and blocks screen captures with a black screen.

The wallet provides a clear warning about the risks of sharing mnemonics and private keys before revealing them.

The wallet doesn't alert about connections to known phishing DApps.

The wallet doesn't alert users when sending funds to known phishing addresses, such as the Tornado Cash attacker address, when using the DApp.

The wallet doesn't inform users when they are interacting with well-known, verified URLs (DApps) like Uniswap.

The wallet does not warn the user when trying to send funds to an unknown address.

The wallet doesn't display the full URL of the DApp without truncation when users attempt to connect.

The wallet doesn't filter out spam or scam NFTs.

The wallet notifies users in the connection dialog that connecting allows the DApp to access their balance, and activity, and request transaction approvals.