TokenPocket

It prompts users for confirmation before processing each DApp request.

Has an embedded browser and requires user confirmation before processing each DApp request to the following RPC endpoints.

Implements Wallet Connect and, when in a locked state, it requires users to unlock the wallet to start processing requests from DApps.

The wallet does not refuse to sign EIP-712 messages when the chain ID doesn't match the currently active chain.

The 'eth_sign' method is disabled by default

The wallet warns users of domain or scheme mismatches when signing an EIP-4361 message.

It shows all connected DApps and also the chance to revoke access to them

The wallet offers the ability to list and revoke token approvals via in-app functionality.

The wallet requires switching networks before proceeding with certain operations. In the connection dialog, users are prompted to approve specific chains to connect to.

It fails to show the incomes and outcomes of the transaction.

It includes contract address, token, effect, allowance and contract spender address

Wallet displays all the information without truncating any information or hiding any details.

The wallet does not parse information from OpenSea Seaport listings but correctly parses ERC-20 Permits.

When interacting through the dApp, the wallet does not display any warning about incorrect address checksums and allows the transaction to be confirmed. However, when using the app directly, it correctly blocks such transactions.

The sign button is available from the start

The wallet includes clickable links in the transaction history but not during the process of sending a transaction.

After clicking the 'Export Private Key ' button, the wallet requires a password to display the mnemonics or private keys.

The wallet lacks a manual lock feature. Instead, it offers a "Delete Wallet" button.

The wallet lacks an automatic locking system, remaining unlocked by default. No lock occurs after exiting, minimizing for over 1 minute, or when the device gets locked.

Allows weak passwords (such as 12345678), and after the fifth failed password attempt, further attempts are allowed. You can activate Face ID, but it isn't exclusive and is disabled by default; you can enter the password whenever you want

It doesn't limit the time these secrets are present in the clipboard, but shows a warning about the risks

It subtly tells you it's risky to share your secret words or private keys with others. This alert appears before the mnemonic viewing process.

The wallet does not alert users about connections to known phishing dApps like https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/

The wallet does not alert users about interactions with known phishing or scam addresses.

The wallet doesn't inform users when they are interacting with well-known, verified URLs (DApps) like Uniswap.

The wallet does not warn users when they interact with an unknown or untrusted address, but it does display a warning when attempting to send a transaction manually.

The wallet displays the DApp origin URL in the 'Connect' dialog.

The wallet doesn't hide spam or scam tokens and NFTs.

The wallet clearly tells users it can see your address and token amounts, but won't move your assets without your permission.