Rabby Wallet

The wallet requires the user confirmation in order to process requests from dApps to all RPC endpoints.

The wallet requires user connection for every request.

The wallet requires the user to unlock it in order to process requests from dApps to all RPC endpoints.

The wallet refuses to sign an EIP-712 object with a chainId that does not match the currently active chain.

The `eth_sign` method is disabled by default.

The wallet does not warn users of a domain or scheme mismatch when signing SIWE message.

Wallet displays the list of connected DApps and allows connection removal. The functionality is working properly.

The wallet provides a built-in revoke token feature that allows users to revoke token approvals.

The wallet switches chains without requesting user confirmation. Additionally, it does not offer a list of networks for the user to select or approve, limiting control over which networks the connected dApp can access.

The wallet effectively leverages transaction simulation, displaying the potential outcomes and changes in balance before executing the transaction.

The interface provides all the necessary information for a user to make an informed decision about this token approval transaction.

The wallet provides a clear method for users to review the data to be signed, both for personal sign and EIP-712 objects.

The wallet parses and interprets EIP-712 objects and ERC-20 permits.

The wallet does not allow the user to send transactions with invalid checksums.

When attempting to sign a personal message with a large input, the sign button remains enabled and available at all times.

The wallet offers clickable links in both the transaction and transaction history.

The wallet provides seed-phrase backup functionality and requires authentication to access mnemonics or private keys.

The wallet features a lock button to lock it manually in the settings menu.

The wallet includes an auto-lock feature, but the default setting is configured to never lock.

The wallet requires passwords to be at least 8 characters long but does not prevent the use of easy-to-guess passwords such as 12345678.

The wallet allows users to copy mnemonics to the clipboard without warning them about the risks of doing so.

The wallet provides warnings to users about the risks of sharing or revealing their mnemonics or private keys to others.

The wallet includes a potentially malicious dApp list based on site popularity and listings, but it does not explicitly warn users about known phishing dApps.

The wallet does not warn the user when interacting with a well-known scamming address, such as the Tornado Cash Attacker address.

The wallet includes a list based on site popularity and by checking where the site has been listed.

The wallet shows a warning if the user has never transacted with an address before.

The wallet does not truncate the dApp URL in the connection dialog.

NFTs are displayed with spam NFTs being filtered out.

The wallet does not inform users within the connection dialog about the actions the dApp is allowed to perform after the connection is established.