OKX

The wallet requires user confirmation before processing each dApp request to all of the RPC endpoints.

The wallet requires user connection to access the RPC endpoints.

The wallet requires the user to unlock it before processing each request.

The wallet identifies EIP-712 objects and blocks all eth_signTypedData requests.

The `eth_sign` method is disabled by default, and the wallet forces the user to cancel the request.

The wallet does not warn users of a domain or scheme mismatch when signing a SIWE message.

The wallet provides a list of connected dApps and offers users the option to revoke access to all of them or revoke them individually. This function works properly, effectively disconnecting from the selected dApp.

The wallet includes an in-app option that allows users to revoke token approvals directly through its functionality.

The wallet switches chains without requesting user confirmation. Additionally, it does not offer a list of networks for the user to select or approve, limiting control over which networks the connected dApp can access.

The wallet accurately displays all transaction incomes and outcomes, including the NFT received when adding liquidity to the pool.

Effect, token, amount and spender contract address are all present in the approve.

The wallet displays full messages in personal_sign requests without truncation and blocks all eth_signTypedData requests.

The wallet identifies EIP-712 objects and blocks all eth_signTypedData requests.

The wallet doesn't allow transactions to an address with an invalid checksum.

The sign button is available from the start.

The wallet provides clickable links in the history but not in the transaction preview.

The wallet requires the user to enter their password before revealing the recovery phrase.

The wallet provides a manual lock button in the top right corner, in the settings menu.

The wallet features auto-lock functionality, but the default lock time is set to 2 hours.

The wallet suggests using biometric authentication, but if the user opts for a password, it requires an 8-digit password while still allowing easily guessable passwords.

The wallet takes strong measures to prevent users from copying mnemonics or private keys to their clipboard. It completely disables copying seed phrases. For private keys, it provides two options: one allows copying the entire private key while displaying a warning about the risks, and the other permits copying only the first six digits, requiring the user to manually enter the last six.

The wallet displays a warning to the user about the risks associated with sharing their recovery phrase.

The wallet successfully warns the user when attempting to connect to a phishing dApp.

The wallet warns when attempting to send funds to the Tornado Cash attacker address.

Wallet does not inform the user when trying to connect to a well-known, verified url.

The wallet does not inform the user that he is interacting with an unknown address.

The wallet displays de dApp origin url in full.

The wallet effectively filters out spam and scam NFTs.

The wallet does not inform users, within the connection dialog, that by connecting they are allowing the dApp to view their wallet balance and activity, as well as to request transaction approvals.