Tomo

When receiving requests from the DApp, the wallet only asks for confirmation via Face ID for all methods, without displaying any message or warning.

When receiving requests from the DApp, the wallet only asks for confirmation via Face ID for all methods, without displaying any message or warning.

Locking the wallet automatically disconnects it from the DApp.

When attempting to sign the EIP-712 requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

The `eth_sign` method is disabled by default.

When attempting to sign the EIP-4361 (SIWE) requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

Connection via WalletConnect by scanning the QR code appears to be broken, while connecting through the embedded browser works but does not prompt any permission request.

The wallet doesn't offer the ability to list and revoke token approvals via in-app functionality or links to external DApps.

The wallet displays an “UNDEFINED” message when the switch_chain method is called and does not allow the chain to be changed.

When attempting to sign the pool requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

When attempting to sign the approval, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

When attempting to sign the eth_personalSign or any eth_signTypedData requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

When attempting to sign the eth_personalSign or any eth_signTypedData requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

The wallet doesn't allow users to send a transaction with invalid checksums, and it emits a warning about it.

When attempting to sign the eth_personalSign or any eth_signTypedData requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

Clicking on the transfer takes you directly to PolygonScan. When attempting to sign the send transaction requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

In the wallet management settings, clicking the “View seed phrase” button prompts a window requiring the password to reveal the seed phrase.

The wallet doesn't include a manual lock button, but logging in again is required to regain access.

The wallet lacks an option to configure automatic locking and only locks when the app is closed.

The wallet requires a password of at least 6 characters but allows easily guessable ones. It supports biometrics and enforces rate limiting after the fifth failed attempt.

The wallet does not allow copying the seed phrase but does not prevent or warn against taking screenshots.

In both the password entry window and the seed phrase display screen, a clear warning is shown indicating that sharing the phrase can give others access to your wallet and funds.

The wallet does not alert when visiting or attempting to connect to malicious sites like https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/ or https://trustdappmodal.pages.dev/. Connection via WalletConnect by scanning the QR code appears to be broken, while connecting through the embedded browser works but does not prompt any permission request.

When attempting to sign the transaction requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

The wallet does not inform users when they are interacting with well-known, verified URLs (DApps) like Uniswap or 1inch. Connection via WalletConnect by scanning the QR code appears to be broken, while connecting through the embedded browser works, but does not prompt any permission request.

When attempting to sign the transaction requests, the wallet doesn’t display any message or warning—it only prompts for Face ID to confirm the request.

The wallet does not inform users when they are interacting with well-known, verified URLs (DApps) like Uniswap or 1inch,

The wallet does not include a dedicated NFT section.

Connection via WalletConnect by scanning the QR code appears to be broken, while connecting through the embedded browser works, and requires viewing the wallet balance and activity, as well as requesting transactions.