Rainbow

The wallet requires user confirmation for every request.

The wallet requires user connection for every request.

The wallet requires the user to unlock it in order to process requests from dApps to all RPC endpoints.

The wallet refuses to sign an EIP-712 object with a chainId that does not match the currently active chain.

The `eth_sign` method is disabled by default.

The wallet does not warn users of a domain or scheme mismatch when signing SIWE message.

Wallet displays the list of connected dApps and allows connection removal. The functionality is working properly.

The wallet provides a built-in revoke token feature that allows users to revoke token approvals.

The wallet switches chains without requesting user confirmation. Additionally, it does not offer a list of networks for the user to select or approve, limiting control over which networks the connected dApp can access.

The wallet offers transaction simulation, clearly informing the inputs and outputs of the transaction.

The wallet does not includes the spender address.

The wallet allows users to scroll through the full message without truncation and also displays the verifying contract in EIP-712 object.

The wallet does not parse OpenSea Seaport listings, displaying plain data, but it does parse Uniswap positions and ERC-20 permit details.

The wallet allows entering addresses with invalid checksums through the dApp, but when entered manually into the wallet, it does not allow the transaction to be confirmed.

When attempting to sign a personal message with a large input, the sign button remains enabled and available at all times.

The wallet provides clickable links in both historical transactions and transaction previews.

The wallet provides seed-phrase backup functionality and requires authentication to access mnemonics or private keys.

The wallet features a lock button to lock it manually in the settings menu.

The wallet includes an auto-lock feature, but the default setting is configured to none.

The wallet requires passwords to be at least 8 characters long, but does not prevent the use of easy-to-guess passwords such as 12345678.

The wallet allows users to copy mnemonics to the clipboard without warning them about the risks of doing so.

The wallet provides warnings to users about the risks of sharing or revealing their mnemonics or private keys to others.

The wallet successfully warns the user when attempting to connect to a phishing dApp.

The wallet warns users when attempting to send funds to known phishing addresses, such as the Tornado Cash Attacker address when using the dApp.

The wallet displays a blue mark to indicate a verified dApp on some platforms, but not all. For example, OpenSea and Uniswap are marked as verified, while SushiSwap and 1inch do not have the badge.

The wallet does not warn the user when trying to send funds to an unknown address.

The wallet displays de dApp origin url in full.

NFTs are displayed with spam NFTs being filtered out.

The wallet clearly informs users, within the connection dialog, that by connecting they are allowing the DApp to view their wallet balance and activity, as well as to request transaction approvals.