ZenGo

The wallet implements Wallet Connect and it requires user confirmation before processing each request to the following RPC endpoints: wallet_addEthereumChain, wallet_watchAsset, eth_decrypt, eth_getEncryptionPublicKey, eth_signTypedData*, personal_sign, eth_sendTransaction.

The wallet lacks an embedded browser.

The wallet lacks a manual or automatic lock feature, but it enforces biometric authentication for every request.

The wallet refuses to sign an EIP-712 object with a chainId that does not match the currently active chain.

The wallet does not support the eth_sign method.

The wallet does not warn users of a domain or scheme mismatch when signing an EIP-4361 (Sign in With Ethereum - SIWE) message.

The wallet lists connected dApps and allows effective access revocation.

The wallet does not offer token allowance revocation within the app, nor does it provide a third-party external link for this purpose.

The wallet does not prompt the user for confirmation when switching networks, and it does not provide a way to modify networks within the connection dialog.

The wallet does not provide a transaction simulation when attempting to sign or before executing a transaction.

The wallet shows the token and effect, but it does not show the spender address or the amount within an approval transaction preview.

The wallet does not truncate large messages when signing a personal sign request and also displays the verifying contract of an EIP-712 object.

The wallet does not parse EIP-712 objects and instead displays the raw, unparsed data.

The wallet refuses to process transactions when provided with addresses that have invalid checksums (EIP-55), either entered manually or through a dApp.

Sign buttons are always enabled.

The wallet includes clickable links only in the wallet history by providing a link to the transaction hash when clicking on "Status", but it does not offer clickable links in the transaction preview.

The wallet does not support seed-phrase backup. Instead, it uses a cloud service like Google Drive or Dropbox for storage, and you can retrieve your wallet with your email.

The wallet does not feature a manual lock button.

The wallet lacks an auto-lock configuration within the settings menu and it does not lock itself after one minute of inactivity when sending the app to background execution or when the device gets locked.

The wallet allows users to register using an email address and mandates biometric authentication to proceed with the wallet setup.

The wallet does not support seed-phrase backup. Instead, it uses a cloud service like Google Drive or Dropbox for storage, and you can retrieve your wallet with your email.

The wallet does not support seed-phrase backup. Instead, it uses a cloud service like Google Drive or Dropbox for storage, and you can retrieve your wallet with your email.

The wallet does not alert about connections to known phishing dApps.

The wallet does not warn or prevent users from interacting with a known phishing address, such as the Tornado Cash attacker.

The wallet does not inform users when they are interacting with well-known, verified dApps.

The wallet does not warn users when they are not interacting with a previously known or trusted address.

The wallet does not display the dApp origin URL at all within the connection dialog.

The wallet fails to hide spam or scam NFTs sent to the wallet.

The wallet does not inform users, within the connection dialog, that by connecting they are allowing the dApp to view their wallet balance and activity, as well as to request transaction approvals.