Unstoppable Wallet

The wallet implements Wallet Connect and it requires user confirmation before processing each request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet lacks an embedded browser.

The wallet implements Wallet Connect and it requires users to unlock it to process requests from DApps to the following RPC endpoints when in a locked state: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet does not warn the user or rejects transaction when attempting to sign an EIP-712 object with a chainId that does not match the currently active chain.

The wallet supports the eth_sign method, which is enabled and functional by default.

The wallet does not warn users of a domain or scheme mismatch when signing an EIP-4361 (Sign in With Ethereum - SIWE) message.

The wallet lists connected dApps and provides an option to revoke access; however, the Pairings section does not effectively revoke access, leaving connections still active after attempting revocation.

Wallet does not offer functionality to revoke token allowances. No references to this feature found in website or documentation.

The wallet does not prompt the user for confirmation when switching networks, and it does not provide a way to modify networks within the connection dialog.

The wallet does not provide a transaction simulation when attempting to sign or before executing a transaction.

The wallet displays the effect, spender address, token symbol, and amount during an approval transaction preview, but it does not show the token name.

The wallet does not truncate large messages when signing a personal sign request and also displays the verifying contract of an EIP-712 object.

The wallet does not parse EIP-712 objects and instead displays the raw, unparsed data.

The wallet does not warn or block transactions to addresses with invalid checksums when using a dApp. However, it does prevent the transaction when the address is entered manually.

Sign buttons are available from the start.

The wallet provides a clickable link to the transaction hash in the wallet history, allowing users to easily verify the transaction on a block explorer. However, it does not include any clickable links—such as to the recipient address or dApp URL—during the transaction preview, which limits users' ability to review and verify transaction details before confirmation.

Wallet permits registration and wallet addition without a mandatory passphrase or biometric setup. No authentication prompts appear due to the absence of default security settings. Seed phrases are accessible without authentication if the user hasn't enabled passphrase or biometric options. In the case the passphrase is setup, then it forces the user to authenticate before proceeding.

The wallet does not feature a manual lock button.

The wallet does not have passphrase or biometrics enabled by default. After setting up a passphrase and leaving the app for 1 minute, the user is required to unlock the wallet.

The wallet does not prompt users to set a passphrase during the initial setup configuration. It supports biometric authentication, but this feature is disabled by default.

The wallet prevents users from taking screenshots of the mnemonic view. It does allow copying the mnemonics to the clipboard, but it includes a clear warning about the associated risks, encouraging users to proceed with caution.

The wallet displays a warning icon at the top right of the screen, providing information about private keys/mnemonics but does not warns the user about the risks of sharing them.

The wallet does not alert about connections to known phishing dApps. Users need to pay a subscription for domain verifications.

The wallet does not warn or prevent users from interacting with a known phishing address, such as the Tornado Cash attacker.

The wallet does not inform users when they are interacting with well-known, verified dApps. Users need to pay a subscription for domain verifications.

The wallet does not warn users when they are not interacting with a previously known or trusted address.

The wallet displays the full dApp origin URL, even for long URLs, without truncation.

The wallet does not feature NFTs listing and it also does not show spam/scam tokens.

The wallet does not inform users in a clear manner, within the connection dialog, that by connecting they are allowing the dApp to view their wallet balance and activity, as well as to request transaction approvals.