OneKey

The wallet requires a user confirmation to access the RPC endpoints.

The wallet requires a user confirmation to access the RPC endpoints.

The wallet requires users to unlock the wallet to process requests from dApps.

The wallet inconsistently handles EIP-712 signatures with mismatched `chainId` values. While it refuses to sign such messages when connected to networks like Polygon, it allows signing when using the Ethereum network.

The wallet shows a warning message about the risks of using the `eth_sign` method, but it is enabled by default.

The wallet does not warn users of a domain or scheme mismatch when signing a SIWE message.

The wallet provides a list of connected dApps and offers users the option to revoke access to all of them or revoke them individually. This function works properly, effectively disconnecting from the selected dApp.

The wallet provide a built-in to revoke token approvals.

The wallet requires the user confirmation before processing the wallet_switchEthereumChain

The wallet displays a transaction simulation, showing the incoming and outgoing amounts when attempting to add liquidity to the pool on Uniswap.

The wallet displays the token, amount, and spender address in the approval transaction.

The wallet displays large messages in personal sign requests without truncation and it shows the verifying contract in the EIP-712 object.

The wallet interprets and parses EIP-712 objects.

The wallet does not allow sending transactions with invalid checksums, whether through the dApp or when attempting to send them manually.

The sign button is available from the start.

The wallet provides clickable links in the history but not in the transaction preview.

The wallet provides seed-phrase backup functionality and requires authentication to access mnemonics or private keys.

The wallet features a lock button to lock it manually in the settings menu.

The wallet provides an auto-lock timer but by default, locks itself after 4 hours of inactivity.

The wallet requires passwords to be at least 8 characters long but does not prevent the use of easy-to-guess passwords such as 11111111.

The wallet allows users to copy mnemonics to the clipboard but displays a warning message informing them of the risks.

The wallet provides warnings to users about the risks of sharing or revealing their mnemonics or private keys to others.

The wallet shows a warning message to the user when visiting dApps flagged as malicious.

The wallet failed to issue warnings when attempting to send funds to the Tornado Cash attacker address.

The wallet displays a green checkmark for well-known verified dApps.

The wallet informs the user that he is interacting with an unknown address.

The wallet displays de dApp origin url in full.

The wallet effectively filters out spam and scam NFTs.

The wallet informs users within the connection dialog that connecting allows the dApp to view their wallet balance and activity, as well as send approval requests.