NuFi

The wallet requires user confirmation before accessing RPC endpoints.

The wallet requires users to connect before accessing RPC endpoints.

The wallet requires users to unlock it before processing requests from dApps.

The wallet doesn't refuse to sign an EIP712 object with a chainId that does not match the currently active chain.

The wallet does not support the eth_sign method by default.

The wallet does not warn users of a domain or scheme mismatch when signing a SIWE message.

The wallet displays a list of connected DApps and allows users to remove connections. The functionality operates as intended.

The wallet does not offer a built-in or third-party option to revoke token approvals.

The wallet prompts users for confirmation before switching chains.

The wallet provides a detailed transaction simulation, clearly displaying all expected incomes and outcomes before execution.

The wallet displays the token, amount, and page URL with a link to the requesting website, but does not show the spender address in the approval transaction.

The wallet displays full messages in personal_sign requests, but doesn't show the verifying contract within the EIP-712 object.

The wallet does not parse EIP-712 objects for well-known contracts and protocols such as OpenSea Seaport listings or ERC-20 permits.

The wallet does not allow sending transactions with invalid checksums, whether through the dApp or when attempting to send them manually.

The sign button is available initially.

The wallet provides clickable links in the history and transaction preview for addresses, contracts, or transaction hashes.

The wallet provides seed phrase backup functionality and requires authentication to access the mnemonic or private keys.

The wallet includes a lock button called "Logout wallet" in the main menu, allowing users to lock it manually.

The wallet does not provide an auto-lock timer and does not automatically lock after approximately 20 minutes of inactivity.

The wallet requires passwords to be at least eight characters long, but doesn't prevent the use of easily guessable passwords, such as “12345678.”

The wallet does not allow users to copy the mnemonic, preventing it from being copied to the clipboard.

The wallet warns users about the risks of sharing or revealing their mnemonics or private keys with the following message: “Never share this with anyone! Anyone viewing it can steal your funds from anywhere!

The wallet displays a warning message when users attempt to visit dApps flagged as malicious.

The wallet successfully warns the user about a deceptive address while trying to send funds to the Tornado Cash Attacker address.

The wallet does not notify the user when attempting to connect to a well-known, verified URL such as Uniswap.

The wallet does not warn users when interacting with unknown or untrusted addresses, but allows them to add addresses to their address book.

The wallet displays the dApp’s full origin URL.

The wallet doesn't filter out spam and scam NFTs.

The wallet does not inform users within the connection dialog that connecting allows the dApp to view their wallet balance, activity, and send approval requests.