Exodus

The wallet requires the user to unlock it before processing every request.

The wallet requires the user's connection to access the RPC endpoints.

The wallet requires the user to unlock it before processing every request.

The wallet refuses to sign an EIP-712 message with a chainId that does not match the currently active chain.

The wallet used personal_sign converted to bytes.

The wallet does not warn users of a domain or scheme mismatch when signing a SIWE message.

The wallet offers a list of connected dApps and allows users to disconnect from them individually.

The wallet does not offer token allowance revocation within the app, nor does it provide a third-party external link for this purpose.

The wallet switches chains without requesting user confirmation. Additionally, it does not offer a list of networks for the user to select or approve, limiting control over which networks the connected dApp can access.

The wallet utilizes transaction simulation, displaying all incoming and outgoing assets involved in the transaction.

The spender address and token are displayed, but the amount is missing.

The wallet displays the verifying contract in an EIP-712 object and does not truncate large messages in a personal sign request.

The wallet displays an EIP-712 object as plain data without parsing it.

The wallet warns the user when attempting to manually send funds to an address with invalid checksums. When interacting through a dApp, the wallet does not process such requests, as shown in the console.

The wallet displays the sign button immediately when presented with a large input message.

Wallet shows clickable links in wallet history but not in the transaction preview.

The wallet requires authentication before revealing the recovery phrase.

The wallet offers a lock button in the security settings.

The wallet automatically locks itself by default after 60 minutes.

The wallet supports a 4-digit PIN code, such as 2025. It also prohibits easily guessable PINs like 1111 or 0101.

The wallet prevents the user from copying the recovery phrase to the clipboard.

The wallet does not explicitly warn about the risks of sharing mnemonics but provides suggestions on what actions to avoid.

The wallet shows a warning message to the user when visiting dApps flagged as malicious.

The wallet does not warn the user when attempting to send funds to the Tornado Cash attacker address.

The wallet does not feature a verified domain indicator for well-known dApps.

The wallet does not warn the user when attempting to send funds to an unknown address.

The wallet displays the full URL of the dApp the user is attempting to connect to.

The wallet successfully hides spam/scam NFTs from the user, and it also offers the option to display them by applying the hidden filter.

The wallet's connection dialog clearly displays that the dApp being connected to can view the user's wallet balance and activity, as well as request transaction approvals.