Uniswap

The wallet requires user confirmation before processing the switch chain DApp request.

The wallet doesn't have an embedded browser.

It is asking the user to unlock their wallets in every test

The wallet does not refuse to sign EIP-712 messages when the chain ID doesn't match the currently active chain.

The eth_sign method breaks the dApp connection and fails to execute. However, personal_sign works correctly.

The wallet doesn't warn users of domain or scheme mismatches when signing an EIP-4361 message.

It shows all connected DApps and also the chance to revoke access to them

The wallet lacks the functionality to display token approvals.

It doesn´t require user confirmation before processing the method

The wallet only shows outgoing transactions. It doesn't display the transaction incomes, such as NFTs received from a pool.

It does not include all the information required, just the contract address of WPOL with a link to PolygonScan and the symbol

It fails to show the verifyingContract field in the EIP712Domain. Tested using the PERSONAL SIGN and SIGN TYPED DATA V4 buttons.

The wallet parses the EIP-712 ERC-20 Permits but not the Opensea Seaport listings, both were tested with the dApp sign v4 button.

When initiating a transaction through the testing DApp, the wallet does not warn about incorrect address checksums and allows you to confirm the transaction, although it doesn’t process it effectively. However, if attempted manually within the wallet, the transaction is not permitted.

Sign buttons are always enabled

The wallet includes clickable links in the transaction history and during the process of sending a transaction.

After clicking the 'View' button, the wallet requires a password to display the mnemonics or private keys.

The wallet lacks a manual lock feature. Instead, it offers a "Remove Wallet" button.

The wallet by default does not include any auto-lock feature such as auto-locking on inactivity (1 minute or less by default), when the device gets locked, or when the app is moved to background execution.

The wallet supports biometrics or uses the iPhone passcode for authentication.

The wallet lets you copy words without warning for over a minute. But if you take a picture of the screen, it tells you it might not be safe.

It subtly tells you it's risky to share your secret words or private keys with others. This alert appears before the mnemonic viewing process.

The wallet does not alert users about connections to known phishing dApps like https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/

The wallet blocks a transaction to a known malicious address, such as the Tornado Cash attacker.

The wallet may confuse users when connecting to known phishing or verified dApps such as https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/ or 1inch, as it displays a verified checkmark in both cases.

The wallet warns users when they are not interacting with a previously known or trusted address if they try to send a manual transaction, but it does not emit any warning if the transaction is done through the dApp.

The wallet displays the DApp origin URL in the 'Connect' dialog.

The wallet hides spam or scam tokens and NFTs that are sent to it

The wallet clearly tells users it can see your address and token amounts, but won't move your assets without your permission.