Enkrypt

The wallet requires user confirmation for each dApp request. However, for wallet_watchAsset, the dApp confirms success, but the token does not appear in the list.

It skips connection approval for eth_getEncryptionPublicKey, eth_signTypedData_v4 (for Opensea Listing and ERC20 Permit), and personal_sign requests.

It is asking the user to unlock their wallets in every test

The wallet refuses to sign an EIP-712 message with a chainId that does not match the currently active chain.

The wallet used personal_sign, converted to bytes.

The wallet does not warn users of a domain or scheme mismatch when signing a SIWE message.

The wallet does not provide a list of connected dApps and only allows disconnection from the currently active dApp if the tab is open.

The wallet lacks token allowance revocation and does not provide a third-party link for this purpose.

The wallet skips user confirmation before processing the `wallet_switchEthereumChain` RPC request from the dApp. It lets me select the chain to connect to, but when switching it through the DApp, the change goes through without requiring any confirmation.

The wallet does not show all incoming and outgoing assets during a swap or liquidity pool addition on Uniswap.

The approval shows the token and amount, but the contract address is only available in the hidden data hex.

The wallet displays full messages in personal sign requests without truncation and shows the verifying contract in the EIP-712 object.

The wallet displays plain data instead of parsing the EIP-712 object.

Wallet successfully prevents the user from providing an address with invalid checksums

The sign button is available from the start.

The wallet shows clickable links in the wallet history but not in the transaction preview.

The wallet supports seed-phrase backup and requires authentication to access mnemonics.

The wallet includes a manual locking button in the settings menu.

The wallet lacks an auto-lock setting, but it does lock itself after 20 minutes of inactivity.

The wallet requires a strong password of at least eight characters.

The wallet prevents the copying of mnemonics.

The wallet warns about the risks of sharing or revealing mnemonics.

The wallet does not issue warnings or alerts when connecting to phishing dApps.

The wallet does not alert users when interacting with known scam addresses, such as the Tornado Cash Attacker address.

The wallet lacks a verified domain indicator for well-known dApps.

The wallet does not inform the user that he is interacting with an unknown address.

The wallet displays the full URL of the dApp without truncation.

The wallet effectively filters out spam and scam NFTs.

The wallet’s connection dialog informs users that the dApp can access balance and activity but does not mention transaction approval requests.