Coin Wallet

Implements Wallet Connect and requires user confirmation before processing each DApp request

The wallet does not have embedded browser functionality.

When you lock the wallet, it disconnects from the dApp.

The wallet refuses to sign EIP-712 messages when the chain ID doesn't match the currently active chain.

The 'eth_sign' method is "enabled" by default but the wallet used personal_sign, converted to bytes.

The wallet doesn't warn users of domain or scheme mismatches when signing an EIP-4361 message.

The wallet lets you connect to a single dApp and offers effective access revocation.

The wallet lacks the functionality to display token approvals.

The wallet switches chains without requesting user confirmation.

It fails to show the incomes and all the outcomes of the transaction.

The app doesn't show who's receiving token approval or how many tokens are approved, just the contract address.

The wallet displays the verifying contract in the EIP-712 object and does not truncate information when a large input is provided during a personal sign.

It displays plain data within the EIP-712 object.

The wallet blocks transactions with invalid checksum addresses when using a DApp, but allows them when entered manually through the wallet.

The sign button is available from the start but requires the user to scroll through a large message before being able to sign the request.

The wallet includes clickable links in the transaction history but does not provide them in transaction previews.

After clicking the 'Export private key' button, the wallet requires a password to display the mnemonics or private keys. It doesn't support mnemonics back up.

The wallet lacks a manual lock feature. Instead, it just offers a "Log Out" button which deletes the account from the wallet.

The wallet lacks an automatic locking system, remaining unlocked by default. No lock occurs after exiting, remaining locked for over 1 minute, or when the device gets locked.

The wallet has biometrics and rate limits (3) attempts and closes the account so you have to "Open existing wallet" again although it allows weak pins like 1111.

Does not have seed phrase backup functionality.

It subtly tells you it's risky to share your secret words or private keys with others. This alert appears before the mnemonic viewing process.

The wallet does not offer a DApp preview menu to show users the DApp URL. Once the user scans the QR code and press connect, the wallet connects to known phishing dApps like https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/

The wallet does not alert users about interactions with known phishing or scam addresses.

The wallet does not offer a DApp preview menu to show users the DApp URL. Once the user scans the QR code and press connect, the wallet connects the DApp without further permission requests.

The wallet does not warn users when they interact with an unknown or untrusted address.

The wallet does not offer a DApp preview menu to show users the DApp URL.

The wallet does not support listing or displaying NFTs, as it lacks this functionality.

The wallet connects directly without approval and does not inform the user within the connection dialog about the permissions being granted when connecting to a DApp.