Coin98

The wallet requires user confirmation before processing each dApp request.

The wallet requires user authentication to access the RPC endpoints.

The wallet requires the user to unlock it before processing every request.

The wallet refuses to sign an EIP-712 message with a chainId that does not match the currently active chain.

The `eth_sign` method is not supported by the wallet.

The wallet does not warn users of a domain or scheme mismatch when signing a SIWE message.

The wallet offers a list of connected dApps and allows users to disconnect from them individually.

Users can revoke token allowances by navigating to Services > Token Issuer, which redirects them to a self-developed app for managing token approvals.

The wallet doesn't require user confirmation before processing each dApp request.

The wallet utilizes transaction simulation and displays all incomes and outcomes for both swaps and liquidity additions in Uniswap.

The interface clearly presents all necessary approval details, including the token, symbol, function, spender address, token contract, and amount, making it easy to understand.

The wallet does not truncate large messages in a personal sign. It also displays the verifying contract of an EIP-712 object, but it is hard to notice as it is placed at the bottom, under '3rd Party's Details'.

The wallet displays an EIP-712 object as plain data without parsing it.

The wallet prevents sending transactions to invalid checksum addresses both via dApps and manually. However, it only displays a generic alert message instead of explicitly stating the issue when trying to send funds manually.

The wallet displays the sign button immediately when presented with a large input message.

The wallet includes clickable links to the recipient's address in the transaction preview and to the transaction hash in the wallet history.

The wallet requires the user to enter their password before revealing the recovery phrase or private keys.

The wallet provides a lock button on the main screen.

The wallet does not offer an auto-lock time setting and does not automatically lock after 20 minutes of inactivity.

The wallet enforces the use of a strong password with a minimum length of eight characters.

The wallet allows users to copy mnemonics without warning them about the risks involved.

The wallet displays a warning to the user about the risks associated with sharing their recovery phrase or private keys before revealing them.

No warning or alerts emitted while trying to connect to phishing dApps.

The wallet does not warn the user when attempting to send funds to the Tornado Cash attacker address.

The wallet does not feature a verified domain indicator for well-known dApps.

The wallet does not warn the user when attempting to send funds to an unknown address.

The wallet truncates the dApp URL in the connection dialog, but expanding the view reveals the full URL.

The wallet does not successfully filter out scam/spam NFTs.

The wallet's connection dialog clearly displays that the dApp being connected to can view the user's wallet balance and activity, as well as request transaction approvals.