Rainbow

It prompts users for confirmation before processing each DApp request. For the add chain method, it displays a success alert but doesn't execute these changes within the wallet.

The wallet includes an embedded browser and prompts users for confirmation before processing each dApp request. For the addChain method, it displays a success alert but does not apply the changes within the wallet.

The wallet remains unlocked continuously, so it does not require unlocking to display a request coming from the app. However, authentication is required before fulfilling a transaction or signature request.

The wallet does not refuse to sign EIP-712 messages when the chain ID doesn't match the currently active chain.

The 'eth_sign' method is disabled by default with no option to enable it

The wallet doesn't warn users of domain or scheme mismatches when signing an EIP-4361 message.

It shows all connected DApps and also the chance to revoke access to them.

The wallet displays token approvals but lacks the functionality to revoke them.

It doesn´t require user confirmation before processing the method

It's working, it displays all the transaction simulation information clearly.

It includes token, effect, allowance, and contract address but not the contract spender address

Wallet displays all the information including the Domain with verifying Contract and the personal_sign with a large message.

The wallet does not parse information from Opensea Seaport listings or ERC-20 Permits. However, it does perform a transaction simulation with the permit.

The wallet fails to alert users about requests containing addresses with invalid checksums. It automatically corrects these addresses to ensure valid checksums; however, when attempting to send the transaction, the process fails.

The sign button is available from the start, and the data is shown truncated (you need to swipe to read it in full)

The wallet includes clickable links in the transaction history and during the process of sending a transaction.

After clicking the 'Show Secret Phrase' button, the wallet requires a password to display the mnemonics or private keys.

The wallet lacks a manual lock feature. Instead, it offers a "Reset Keychain" button.

The wallet doesn't auto-lock on inactivity after a minute, when the device gets locked, or the app is moved to background execution. Requests authentication when processing a transaction or performing a sensitive action and there is no option in the settings menu to set a custom locking time.

By default, the wallet uses the iPhone lock when viewing the mnemonics for the first time but not to lock the wallet itself. If Face ID is not enabled, it uses the device passcode and does not allow users to set their own wallet password.

When copying mnemonics to the clipboard, the wallet doesn't limit the time these secrets are present in the clipboard(over a minute), doesn't warn when copying or taking a screenshot, just a thumbs up

Before you see the secret phrase, it warns the user about the risks of sharing your mnemonics or private keys

The wallet alerts users about connections to known phishing dApps like https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/

The wallet prevents or alerts about interactions with known phishing or scam addresses.

The wallet does not display any messages or a verified checkmark when connecting or interacting with well-known DApps like Uniswap or 1inch.

The wallet doesn't warn users when they interact with an unknown or untrusted address.

The wallet displays truncated URLs, apparently omitting subdomains.

It doesn't hide spam or scam tokens and NFTs sent to the address

The wallet provides no information about permissions granted when connecting to DApps.