Family

Implements Wallet Connect and requires users to confirm the wallet to process requests.

Has embedded browser and requires user confirmation before processing each DApp request

The wallet supports WalletConnect but is not locked by default. You can enable the lock option in settings, and once activated, it requires Face ID or a passcode to process requests.

The wallet doesn't warn the user when DApp is trying to use a chain ID different from the active chain but prevents the request.

With the 'eth_sign' method, Wallet used personal_sign, converted to bytes.

Doens't warns users of a domain or scheme mismatch when signing an EIP-4361 (sign in with Ethereum)

It shows all connected DApps and also the chance to revoke access to them

The wallet clearly allows us to handle the approvals

It doesn´t require user confirmation before processing the method

It clearly shows the NFT we are receiving when providing liquidity to a pool.

Include details such as the contract address, token, effect, allowance, and contract spender address.

It doesn't include all the required information, such as the verifying contract. It only shows the message section.

With OpenSea, the wallet displays plain data; however, when signing an ERC-20 Permit, it correctly parses the information.

Doesn't warn users when providing addresses with invalid checksums (EIP-55 address checksum) and fixes the address while doing the transaction with the app.

The sign button is available from the start

Includes clickable links in account activity and transactions

Wallet requires Face ID to display mnemonics/private keys

The wallet lacks a manual lock feature. Instead, it offers a "Remove Wallet" button.

The wallet requires permission to use Face ID but does not auto-lock after inactivity, when the device is locked, or during background execution by default. However, Face ID can be enabled to lock the app.

The wallet supports biometric authentication, but not by default. Once enabled, biometrics are required to access the wallet, and if the Face ID is not activated, it defaults to using the iPhone passcode, and it rate-limits attempts after the 5th one.

The wallet doesn't show any warning about copying mnemonics to the clipboard or screenshot captures and doesn't limit the time these secrets are present in the clipboard.

It warns the user about the risks of sharing their mnemonics or private keys

Alerts about connections to known phishing DApps like https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/

It doesnt show any warning when trying to send funds to the Tornado Cash attacker address

The wallet displays an alert indicating that the domain is verified.

The wallet doesn't warn users when they are interacting with unknown addresses. However, through the app it does warn about new addresses without any previous activity.

The wallet truncates the URL.

The wallet doesn't show spam or scam tokens and NFTs

Clearly informs users, within the connection dialog, that by connecting they are allowing the DApp to view their wallet balance and activity, as well as to request transaction approvals