Tomo

The wallet implements Wallet Connect through its browser and it requires user confirmation before processing each request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet has an embedded browser and it requires user confirmation before processing each DApp request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet disconnects from dApps when it gets locked.

The wallet does not refuse or warns the user when attempting to sign an EIP-712 object with a chainId that does not match the currently active chain.

The wallet does not support the eth_sign method.

The wallet does not warn users of a domain or scheme mismatch when signing an EIP-4361 (Sign in With Ethereum - SIWE) message.

The wallet does not provide a list of connected dApps. Wallet Connect appears to be broken. When using the browser, it does not prompt a connection dialog before connecting and it does not revoke connection when leaving the browser.

The wallet does not offer token allowance revocation within the app, nor does it provide a third-party external link for this purpose.

The wallet does not require user confirmation, but it also does not switch chains.

The wallet only requests biometrics before executing a transaction and does not provide a transaction preview.

The wallet only requests biometrics before executing a transaction and does not provide a transaction preview.

The wallet only requests biometrics before executing a transaction and does not provide a transaction preview.

The wallet only requests biometrics before executing a transaction and does not provide a transaction preview.

The wallet does not process transactions with invalid checksum addresses within the dApp. It also warns and prevents the user from sending funds manually.

The wallet only requests biometrics before executing a transaction and does not provide a transaction preview.

The wallet provides clickable links while querying the wallet history and it lacks transactions previews.

The wallet enforces authentication before displaying the mnemonics or private keys.

The wallet offers a logout button that functions similarly to a lock button.

The wallet lacks an automatic lock option and does not lock itself after being sent to the background for more than one minute.

The wallet requires user registration, then asks for a 6-digit PIN, allowing easy-to-guess combinations like 111111 but rate limits failed attempts to five.

The wallet allows copying mnemonics to the clipboard without warning the users about the risks of doing so, while also does not prevent screenshots.

The wallet warns users about the risks associated with sharing or revealing mnemonics or private keys.

The wallet connects to a dApp immediately after clicking the connect button, without prompting a connection dialog. It also does not display a warning when visiting a malicious dApp.

The wallet only requests biometrics before executing a transaction and does not provide a transaction preview.

The wallet connects to a dApp immediately after clicking the connect button, without prompting a confirmation dialog.

The wallet only requests biometrics before executing a transaction and does not provide a transaction preview.

The wallet connects to a dApp immediately after clicking the connect button, without prompting a confirmation dialog.

The wallet does not have a feature to display an NFT list and it fails to filter out scam or spam tokens.

The wallet connects to a dApp immediately after clicking the connect button, without prompting a confirmation dialog.