MetaMask

The wallet requires user confirmation before processing any request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData, personal_sign, and eth_sendTransaction.

The wallet successfully requires user confirmation before processing any dApp request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData, personal_sign, and eth_sendTransaction.

The wallet requires the user to unlock it before processing any request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData, personal_sign, and eth_sendTransaction.

The wallet refuses to sign an EIP-712 object if its chain ID does not match the currently active chain.

The wallet does not support the eth_sign method.

The wallet displays a warning when the user attempts to sign a SIWE message.

The wallet lists connected dApps and allows effective individual access revocation.

The wallet provides token allowance revocation within its portfolio, in their browser.

The wallet allows switching between preselected networks within the connection dialog, and if the user attempts to switch to a non-preselected chain, it will ask for confirmation.

The wallet offers transaction simulation, clearly displaying all incoming and outgoing assets involved in the transaction.

The wallet provides a clear interface for reviewing and approving transactions. It displays the recipient of the token approval, the token details, the amount, and the spending limit.

The user can scroll through large messages, allowing them to review the data before signing, without truncating any information or hiding any details. The wallet also displays the verifying contract when signing an EIP-712 message.

The wallet parses and displays the details when attempting to sign an EIP-712 object.

The wallet does not warn or block transactions to addresses with invalid checksums when using a dApp. However, it does provide warnings and prevents the transaction when the address is entered manually.

When presented with a large message in a personal sign request, the confirm button remains enabled at all times.

The wallet includes clickable links when viewing transaction history but does not provide any within the transaction details view.

The wallet requires user authentication before displaying the mnemonic or private keys.

The wallet allows manual locking through the settings menu.

The wallet automatically locks after 30 seconds of inactivity by default. It also locks when the device is locked or when the app moves to background execution.

The wallet allows easy-to-guess passwords like 11111111. It supports biometrics but does not limit login attempts to five—you can try as many times as you want.

The wallet allows users to copy their mnemonic to the clipboard without any time restriction and without explicitly warning them about the associated risks. It also prevents users from taking screenshots

The wallet implements a detailed mechanism to warn users about the risks of sharing their mnemonic or private keys before displaying them.

The wallet does not display any warning message in the connection dialog when attempting to access a malicious dApp through WalletConnect, but it does block and warn users about the risks when using the browser.

The wallet clearly warns the user when attempting to send a transaction to a known malicious address, such as the Tornado Cash attacker.

The wallet neither informs the user nor highlights well-known, verified dApps when attempting to connect to them.

The wallet displays a question mark next to addresses that have not been interacted with before, indicating to the user that this is their first interaction.

The wallet successfully displays the full dApp origin URL in the connection dialog.

The NFTs section displays no information—neither legitimate nor scam NFTs or tokens are shown.

The wallet clearly informs users within the connection dialog that, by connecting, they allow the dApp to view their wallet balance and activity, as well as request transaction approvals.