Zerion

Requires user confirmation before processing each DApp request

Requires user connection before processing each DApp request

Requires the user to unlock the wallet before processing each DApp request

The wallet doesn't warn the user about the mismatching chain ID.

The 'eth_sign' method is disabled by default

The wallet doesn't warn users of domain or scheme mismatches when signing an EIP-4361 message.

It shows all connected DApps and also the chance to revoke access to them

The wallet does not include functionality to revoke approvals; it only allows users to view them.

It doesn´t require user confirmation before processing the method

It shows the NFT we are receiving when providing liquidity to a pool.

It includes token, effect, allowance, and contract spender address.

The wallet displays all the information in a JSON without parsing.

The wallet parses EIP-712 Opensea Seaport listings and ERC-20 Permits

It doesn't show any warning about incorrect address checksums and fixes the address, letting you confirm the transaction.

The sign button is always available

The wallet includes clickable links in the transaction history and during the process of sending a transaction.

After clicking the 'Recovery phrase' button, the wallet requires a password to display the mnemonics or private keys.

The wallet has a "Lock Button".

The wallet's default lock time is more than 20 minutes

The wallet supports biometrics but is not enabled by default. It enforces rate limits on login attempts, requires a password of at least six characters, and does not allow weak passwords.

It doesn't warn the user about the risks of copying mnemonics to the clipboard and exceeds the minute.

It tells you it's risky to share your secret words or private keys with others. These alerts appear before the mnemonic viewing process.

The wallet alerts users about connections to known phishing dApps like https://arbitrum-token-bridge-cqjggprvn-offchain-labs.vercel.app/

The wallet alerts users about interactions with known phishing or scam addresses.

The wallet doesn't inform users when they are interacting with well-known, verified URLs (DApps) like 1inch or uniswap.

The wallet doesn't emit any warnings when trying to send a transaction to an unknown address.

The wallet truncates the website URL when it detects a phishing url

The wallet hides spam or scam tokens and NFTs sent to the wallet.

The wallet clearly informs users, within the connection dialog, that by connecting they are allowing the DApp to view their wallet balance and activity, as well as to request transaction approvals.