imToken

The wallet implements WalletConnect and requires user confirmation before processing each dApp request. However, when using WalletConnect through the embedded browser, approval for the switchChain method is skipped.

The wallet includes an embedded browser and requires user confirmation before processing each dApp request.

Implements WalletConnect and, when in a locked state, displays incoming requests without requiring the user to unlock the wallet to view them. However, confirming a request requires entering the wallet password.

The wallet doesn't reject EIP-712 message signing when the chain ID differs from the active chain. Instead, it changes the wallet's chain to match the EIP-712 chain ID before signing.

The eth_sign method is enabled by default but displays a warning before signing. When tested with the dApp, it does not appear to actually use eth_sign effectively.

The wallet does not warn users of domain or scheme mismatches when signing an EIP-4361 message.

This section displays only the currently connected dApp, as the wallet allows only one active connection at a time. It provides an option to revoke access to the connected dApp. Connecting to a new dApp automatically disconnects the previous one. However, the Disconnect button in the dApp settings does not function when clicked.

The wallet does not offer the ability to list or revoke token approvals, either through in-app functionality or links to external dApps.

User confirmation is required before processing the method, and you need to switch the connected account manually. When you send a request in another chain, it requires you to select another account or to add a new account

The wallet offers transaction simulation, displaying the incomes and outcomes of the transaction.

The wallet shows who gets token approval, how many tokens, and the contract symbol.

Wallet displays all the information, including the Domain with verifying Contract.

It parses ERC20 signv4 information, but for OpenSea signv4, it shows plain data instead of parsing it.

When providing addresses through a dApp or the in-app feature with invalid checksums, the wallet does not display the request.

Sign button is available from the start

The wallet includes clickable links in the transaction history, but not during the process of making a transaction.

After clicking the 'Backup wallet' button, the wallet requires a password to display the mnemonics or private keys.

The wallet lacks a manual locking feature. There is no dedicated "Lock" button available to users.

Auto-locking is only available by enabling Face ID in settings and either fully closing the app or minimizing it to background execution for a minute. This feature is not mandatory by default.

The wallet specifies that passwords must contain at least eight characters, including uppercase and lowercase letters, numbers, and symbols; however, it accepts “12345678” as valid and doesn't rate-limit login attempts after the fifth failed attempt. Additionally, Face ID is available but not required by default.

The wallet does not allow users to copy mnemonics to the clipboard and displays a warning about screenshot captures during the mnemonic viewing process.

Before revealing the key, the wallet clearly and concisely warns the user about the risks of sharing their mnemonics or private keys.

The wallet displays a “reported suspicious” alert. when attempting to connect to https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/.

When users attempt to send ETH, the wallet alerts them if the recipient address is linked to phishing or scam activities. However, this feature does not work when sending on the Polygon network.

It does not display any message confirming the verified URL.

The wallet warns users when interacting with an unknown or untrusted address.

In the connect dialog the wallet truncates the Dapp URL.

The wallet’s NFT section does not display spam, scam, or legitimate NFTs sent to it.

The wallet clearly displays messages for viewing the wallet address, as well as for requesting transaction approvals.