OneKey

It requires user confirmation before processing requests.

It has an embedded browser and requires user confirmation before processing each DApp request.

It is asking the user to unlock their wallets in every test

The wallet refuses to sign EIP-712 messages when the chain ID does not match the currently active chain.

The eth_sign method is enabled and functions by default, although it displays an alert.

The wallet doesn't warn users of domain or scheme mismatches when signing an EIP-4361 message.

It shows all connected DApps and also the chance to revoke access to them

The wallet provides in-app functionality to list and revoke token approvals.

It doesn´t require user confirmation before processing the method; the connection dialog in the wallet displays the available network.

The wallet displays the NFT received when providing liquidity to a pool, as well as the POL and SUSHI to be spent during the process.

It includes contract address, token, effect, allowance, and contract spender address

The wallet displays all relevant information, including the domain with the verifying contract and the personal_sign containing a large message.

The wallet parses EIP-712 for Opensea Seaport listings or ERC-20 Permit.

The wallet fails to alert users about requests containing addresses with invalid checksums. It also automatically corrects these addresses to ensure valid checksums, but doesn't allow you to confirm the transaction. Using the wallet to perform a transaction with an address containing an invalid checksum is not possible.

The sign button is available immediately.

The wallet includes clickable links in the transaction history, but not during the process of sending a transaction.

After clicking the “Manual Backup” button, the wallet requires a password to reveal the mnemonics or private keys.

By clicking the nine-dot button in the upper-right corner, the wallet provides an option to manually lock it.

The wallet automatically locks after two hours of inactivity by default, though this setting can be customized. It also locks immediately when the app is closed but not when the device is locked or the app is minimized.

The wallet supports biometric authentication, which is enabled by default. It allows easily guessable passwords; however, after the fifth failed password attempt, subsequent attempts are time-limited.

The wallet warns users against copying mnemonics to the clipboard and prevents screenshots of sensitive information by obscuring the phrases with a black overlay.

Before displaying the secret phrase, the wallet warns the user about the risks of sharing their mnemonics or private keys.

The wallet alerts about connections to known phishing DApps.

The wallet doesn't prevent or alert about interactions with known phishing or scam addresses.

The wallet displays a verification symbol to indicate when users interact with authenticated URLs.

The wallet warns users when they interact with an unknown or untrusted address.

The wallet shows the full DApp origin URL in the “Connect” dialog.

The wallet automatically hides spam or scam tokens and NFTs sent to it.

The waller clearly informs users, within the connection dialog, that by connecting they are allowing the DApp to view their account's balance and activity, as well as to approval requests.