“Is Walletconnect Safe” vs “Is Wallet Connect Safe”: WalletConnect Security Best Practices Documentation

Summary: WalletConnect v2 offers a safe, end-to-end encrypted way to handle messaging between wallets and apps. But remember, how secure your setup is really hinges on how you manage permissions, verify domains, and craft the user experience when it comes to signing. This guide breaks down the most recent WalletConnect specs and incidents, turning them into actionable steps for startups and larger businesses alike.

TL;DR for decision‑makers

WalletConnect v2 steps up its game by encrypting messages end-to-end using some solid tech (think X25519 + HKDF + ChaCha20-Poly1305) and authenticating clients with Ed25519 DIDs. The relay gets to see just the topics, tags, and TTLs--not your actual payloads. It’s all about strong transport security, not just app-level trust. Check out the details at (specs.walletconnect.com).
Just a heads up, V1 has been shut down since June 28, 2023. If you’re still coming across a wc:@1 QR link, consider it a red flag and make sure you switch to v2 ASAP. More info can be found at (walletconnect.com).
Sadly, most losses are tied to phishing and drainers through sketchy front-ends or fake apps, rather than protocol issues. It's smart to use the Verify API for domain attestation in wallets and make sure your dapp domain is registered so wallets can give users a heads-up or block suspicious activity. Learn more at (docs.walletconnect.network).
When it comes to sessions, keep them tight by sticking to CAIP-2 chains, CAIP-10 accounts, and explicit method allowlists. It’s best to use typed data (EIP-712) and set shorter expiries--up to 7 days for businesses needing sign-offs is reasonable. Find the specs here: (specs.walletconnect.com).
Make your mobile linking and user experience rock solid: go for deep links over universal links, steer clear of redirect metadata abuse, and think about using Link Mode to cut down on latency and prevent WebSocket issues on unreliable networks. More best practices can be found at (docs.walletconnect.network).

Part 1 -- What WalletConnect secures (and what it doesn’t)

WalletConnect is a super flexible messaging layer that works across different blockchains, using a topic-based pub/sub approach to send encrypted JSON-RPC messages between wallets and dapps. The relayer just holds onto encrypted messages until their time-to-live (TTL) runs out, so your data stays safe and sound. Each identity is a decentralized ID (DID) that's generated from an Ed25519 keypair, and it gets authenticated to the relay using a signed JWT. While messages are being sent, we use X25519 for session key agreement, and the symmetric keys are derived through HKDF. Plus, the payloads are secured with ChaCha20-Poly1305. For more details, check this out: (specs.walletconnect.com).

What This Means:

When we talk about "what this means," we’re diving into the implications or significance of a certain topic, event, or piece of information. It’s all about understanding how it affects us or what we should take away from it.

Key Points to Consider:

Context Matters: The meaning can change depending on the situation. It’s like how a joke can land differently depending on the audience.
Personal Impact: Think about how it relates to you or your community. Does it bring opportunities or challenges?
Broader Implications: Sometimes, it’s not just about the immediate situation. There might be larger trends or changes at play that could affect other areas as well.

Example of Application:

Let’s say there's a new technology launch. What does this mean for the industry? For jobs? For consumers? Here’s a quick rundown:

For the Industry: It could signal innovation or shifts in market demands.
For Jobs: New tech might create new roles or change existing ones.
For Consumers: It might lead to better products or new pricing models.

So, when someone says, "What this means is...", they’re inviting you to really think about the details and the bigger picture.

Just a heads up: the relay operator can't peek at your messages or figure out your account addresses from the payloads. What they can see are topics, tags, TTLs, and some user-agent hints for diagnostics. You can check out more about it here.
Keep in mind that messages only stick around on the server until the set TTL runs out. You’ll see the common tags and TTLs defined per RPC--for instance, 300 seconds for wc_sessionRequest and a whole day (86400 seconds) for session updates. More details are available here.
Just a reminder: WalletConnect isn’t a shield against bad transactions. If someone approves a sketchy request, the signature is still valid. So, it's up to you to have strong permissions, domain verification, and an intuitive user experience to keep things safe. Check out more on this link.

Note on Network Operations and Decentralization

As of 2025, WalletConnect is rolling out a network that includes service and gateway nodes, along with a roadmap aimed at decentralization. They’re keeping the communication open regarding WCN 2.0 and the involvement of third-party operators. It’s important to view these developments as enhancements in performance and resilience rather than shifts in the end-to-end security model. Check out more details here.

Part 2 -- v1 vs v2: why the difference matters

So, v1 is out of the picture now; it relied on bridge servers and had a different URI scheme. If you keep using v1 URIs (like wc:…@1?bridge=…), you’re putting yourself in a risky spot since it's no longer supported. It’s time to switch over to v2 URIs (like wc:…@2?symKey=…&relay-protocol=irn&methods=…). You can read more about it here.
With v2, we’ve got some cool new features like Namespaces (CAIP‑2/CAIP‑10) and the ability to set explicit permissions for chains, methods, and events right when you propose a session. This is your main tool for keeping things safe and minimizing impact. Check out the details here.

Example of a Secure, Minimal V2 Proposal for an EVM-Only Read/Write DApp on Ethereum Mainnet:

Overview

This proposal outlines a straightforward but secure approach to building a read/write decentralized application (DApp) specifically for the Ethereum mainnet, focusing on an EVM-only environment. We’re aiming to keep it simple while ensuring robust security measures.

Architecture

The DApp consists of the following components:

Smart Contracts: The backbone of our DApp, handling all the logic and storage.
Frontend: A user-friendly interface that interacts with the smart contracts.
Wallet Integration: Using MetaMask (or similar) for user authentication and transaction signing.

Smart Contracts

Let’s break down the smart contract functionalities:

Read Operations: Functions that allow users to fetch data from the blockchain.
Write Operations: Functions that enable users to submit data to the blockchain, requiring gas fees.

Code Example

Here’s a simple example of a Solidity contract:

pragma solidity ^0.8.0;

contract SimpleStorage {
    uint256 private storedData;

    function set(uint256 x) public {
        storedData = x;
    }

    function get() public view returns (uint256) {
        return storedData;
    }
}

Frontend

The frontend will be built using React or a similar framework, ensuring a smooth and responsive user experience. It will communicate with the Ethereum network through libraries like ethers.js or web3.js.

Sample Component

Here’s a snippet of how a component might look:

import React, { useState } from 'react';
import { ethers } from 'ethers';

const SimpleStorageComponent = () => {
    const [value, setValue] = useState('');

    const handleSubmit = async (e) => {
        e.preventDefault();
        // Logic to interact with the smart contract
    };

    return (
        <form onSubmit={handleSubmit}>
            <input type="text" value={value} onChange={(e) => setValue(e.target.value)} />
            <button type="submit">Submit</button>
        </form>
    );
};

Security Considerations

Security is key! Here are some measures to keep in mind:

Audit Smart Contracts: Always have your contracts reviewed by a professional auditor.
Limit External Calls: Be cautious when calling external contracts; they can introduce vulnerabilities.
Use Libraries: Rely on well-established libraries for common functions to reduce risk.

Conclusion

This proposal aims to lay the groundwork for a secure, minimal read/write DApp on Ethereum’s mainnet. By focusing on fundamental components and best practices, we can build something reliable and user-friendly. Feel free to reach out for any questions or suggestions!

Relevant Links:
- Ethereum Documentation
- Solidity Documentation

{
  "requiredNamespaces": {
    "eip155": {
      "chains": ["eip155:1"],
      "methods": [
        "eth_sendTransaction",
        "eth_signTypedData"
      ],
      "events": ["chainChanged", "accountsChanged"]
    }
  },
  "optionalNamespaces": {}
}

When it comes to namespacing, the rules are pretty strict--chains need to be CAIP‑2 compliant, and session accounts have to meet CAIP‑10 standards. Make sure to enforce these checks in your client. You can check out the details here: (specs.walletconnect.com).

Part 3 -- Real‑world threats and what they teach us

1) Supply-chain injection via third-party connectors (Dec 14, 2023)

A compromised version of the Ledger Connect Kit made its way onto npm/CDN, sneaking in a drainer into several dapps. This exploit took advantage of tricky blind or vague signing prompts to deceive users--not a WalletConnect cryptography flaw. In response, Ledger rolled out a fixed kit, Tether stepped in to freeze affected assets, and Ledger promised to phase out blind signing altogether. The takeaway? Don’t just trust libraries blindly; make sure to fail hard on domain mismatches and block unsafe signing methods. (ledger.com)

2) Fake “WalletConnect” Mobile Apps (Sept 2024)

Scammers managed to sneak a phony “WalletConnect” app onto Google Play, which ended up draining around $70,000 from unsuspecting users. WalletConnect issued a reminder that there’s no official “WalletConnect” wallet app out there. The takeaway here? It's super important to educate users. Plus, in wallets and dapps, make sure to display verified brand metadata and Verify API status clearly. (thecoinrepublic.com)

3) Implementation Gaps

Ecosystem wallets might not fully support every aspect of the spec (like those pesky historical optional namespace issues). So, don’t just assume that all optional UX features are working seamlessly. It’s a good idea to code defensively and check for feature support at runtime. You can find more info here.

Part 4 -- Controls you should implement today

4.1 Session scoping and permissions

Only ask for the chains you really need (CAIP‑2) and stick to signing methods that you actually use. If it’s not necessary, just say no at the wallet level. (specs.walletconnect.com)
Go for EIP‑712 typed data (eth_signTypedData/…v4) when you’re doing off-chain authentication and permissions. Try to steer clear of raw eth_sign since it can be a bit vague and is often misused by malicious actors. (eips.ethereum.org)
Make sure to set reasonable expiration times for your session requests. According to the spec, the minimum is 5 minutes and the maximum is 7 days. For a better user experience, it’s best to default to minutes; but for custody MPC or after-hours approvals, feel free to extend it with clear UI options. (specs.walletconnect.com)

Code Pattern for a Narrowly-Scoped, Expiring Request

When working with requests that need to be tightly controlled and have a limited lifespan, it’s important to have a solid pattern in place. Here’s a straightforward approach to implement this type of functionality.

Basic Structure

This pattern typically includes:

Request Scope: Clearly define what the request will cover.
Expiration Time: Set a time limit for how long the request is valid.
Handling Expiration: Properly manage what happens after the request expires.

Implementation Steps

Define the Request Scope
- Determine the specific data or action your request will handle. This ensures it stays focused and efficient.
Set the Expiration Time
- Choose how long you want the request to be valid. You can use a time duration in milliseconds, seconds, etc., depending on your needs.
Check for Expiration
- Before processing the request, ensure it hasn't expired. If it has, return an appropriate message or take necessary actions.

Sample Code

Here’s a quick example of how you might implement this in code:

function createExpiringRequest(scope, duration) {
    const expirationTime = Date.now() + duration;

    return {
        scope,
        isExpired: function() {
            return Date.now() > expirationTime;
        },
        handleRequest: function() {
            if (this.isExpired()) {
                return "Request has expired.";
            }
            // Process the request here
            return `Handling request for scope: ${this.scope}`;
        }
    };
}

// Usage
const request = createExpiringRequest("userData", 5000); // expires in 5 seconds
console.log(request.handleRequest()); // Should process the request

setTimeout(() => {
    console.log(request.handleRequest()); // Should indicate it's expired
}, 6000);

Summary

This pattern helps you manage requests that need to be limited in scope and time. By following the steps outlined, you should be able to create a reliable and efficient expiring request system that keeps things running smoothly and securely.

Feel free to tweak it to fit your specific use case!

// send a typed data signature request with 10-minute expiry
signClient.request({
  topic,
  chainId: "eip155:1",
  request: {
    method: "eth_signTypedData",
    params: [address, typedData],
    expiry: Math.floor(Date.now()/1000) + 600
  }
});

Make sure the TTLs for relay publishing match your expiry. If you find they don’t quite line up, consider bumping them up a bit so the relay has enough time to hang onto the message for the user to respond. You can check out more details here.

4.2 Domain verification and phishing defenses

If you're running a wallet, make sure to integrate the Verify API and display one of these four states: VALID, UNVERIFIED, MISMATCH, or THREAT. You’ll want to back this up with a domain registry and threat feeds. Don't forget to block or at least warn users about any mismatches or threats. (docs.walletconnect.network)
If you're a dapp, take a moment to register your trusted domains. This way, wallets can verify them easily. Plus, make sure that your app.metadata.url lines up perfectly with your canonical domain. (walletconnect.com)

Pseudo‑UX:

When we talk about Pseudo-UX, we're diving into the world of user experience that isn't quite the real deal. It's like a facade that gives off the impression of a user-friendly interface but lacks the depth and usability that actually makes an experience worthwhile. Here’s a closer look at what it encompasses:

What is Pseudo-UX?

Pseudo-UX refers to design elements or interfaces that seem to prioritize user experience on the surface but fail to deliver genuine usability and functionality. This can happen for a variety of reasons, such as:

Aesthetic Over Functionality: Designers might focus too much on making things look good but forget about how intuitive they are.
Trendy Effects: Sometimes, flashy animations or transitions are used just because they're in vogue, even if they don't enhance the user's experience.
Misleading Simplicity: An interface might appear easy to use but can be confusing due to a lack of clear navigation or feedback.

Signs of Pseudo-UX

Recognizing Pseudo-UX is key to improving real user experiences. Here are some classic signs to watch out for:

Overly Complex Navigation: If it takes you longer than a few seconds to find what you need, that’s a red flag.
Lack of Feedback: If you click a button and you're not sure if it did anything, that can be really frustrating.
Unnecessary Steps: Interfaces that ask for too many confirmations or unnecessary information can drive users away.
Inconsistent Design: When buttons and features look different all over the place, it can make things confusing.

How to Fix Pseudo-UX

If you want to ditch the Pseudo-UX and create something that genuinely resonates with users, consider these tips:

User Testing: Get real feedback from actual users to identify pain points.
Focus on Clarity: Keep navigation straightforward and ensure that every feature has a purpose.
Iterate: Always be ready to tweak your design based on user feedback. It’s a continuous process.
Balancing Aesthetics and Functionality: While good looks are important, they shouldn’t come at the expense of usability.

Examples of Pseudo-UX

Here are a few examples that highlight Pseudo-UX in action:

Animated Loading Screens: While these can be fun, excessive loading animations can annoy users waiting for a response.
Hidden Features: If important tools are buried in menus or only accessible after extensive searching, they won’t benefit users.
Trendy Color Schemes: Sometimes, designs that are too flashy or don’t follow conventional color principles can make it hard for users to focus.

By being aware of what Pseudo-UX looks like and how to avoid it, you can create a more engaging and functional user experience. It’s all about marrying good design with real usability, so users walk away feeling satisfied!

walletKit.on("verify_context", (ctx) => {
  switch (ctx.status) {
    case "VALID":      showGreenBanner(appUrl); break;
    case "UNVERIFIED": showNeutralBanner(appUrl); break;
    case "MISMATCH":   block("Domain mismatch"); break;
    case "THREAT":     hardBlock("Known malicious domain"); break;
  }
});

4.3 Safer authentication

Go ahead and use WalletConnect’s Auth flow (wc_sessionAuthenticate) alongside SIWE (EIP‑4361) and CACAO (CAIP‑74) to connect identity to your domain and the capabilities you want to request. This sets you up for “one‑click auth” and helps cut down on phishing by providing a wallet-parsed summary. You can check out more about it here.
Keep SIWE messages tightly scoped: think domain, statement, nonce, chainId, and expiry. Try to steer clear of vague “sign to continue” prompts. For more details, take a look here.

4.4 Mobile linking hygiene

Go for deep links instead of universal links to keep those pesky browser detours at bay. Also, steer clear of auto-redirecting users based on QR-scan metadata; that can lead them to the wrong app. (docs.walletconnect.network)
If you're working with a native dapp and a native wallet, switch on Link Mode. This lets you send session or authentication requests through universal/app links when WebSockets are acting up--better reliability and reduced latency, yay! (docs.walletconnect.network)
Make sure the wallet sends users back to the app they started from after they approve or reject something. Also, don’t bother with those incomplete URIs that are just there to wake the wallet up. (docs.walletconnect.network)

4.5 Transport, observability, and SLOs

Keep an eye on relay connectivity and latency. According to WalletConnect best practices, you should aim for a connection or sign-in time of under 5 seconds on decent networks, and under 15 seconds if the network's not so great. Don't forget to track those relayer_connect and relayer_disconnect events. (docs.walletconnect.network)
If you're working with regulated or institutional setups, go for those extended request expiries--up to 7 days is totally doable! Just make sure your UX makes pending or timeout situations clear and keep good audit trails. (docs.walletconnect.network)

4.6 Banning dangerous methods and patterns

It's a good idea to ban or restrict eth_sign and old-school personal message signing when it comes to anything that could affect security. Instead, stick with EIP‑712. You can read more about it here.
Avoid asking for permissions that cover the entire wallet; instead, list out the specific contract addresses and methods you're using. Make sure to include this info in your session proposal UX so users know exactly what they're agreeing to. Check out the details here.

Part 5 -- Designing a secure WalletConnect session (end‑to‑end)

1) Pairing and URI

When it comes to v2 pairings, you’ll want to use the wc: URI with a few must-have parameters: symKey, methods, relay-protocol (usually it’s irn), and an optional expiryTimestamp. Here’s the format you should follow:

wc:<topic>@2?symKey=<hex>&methods=[wc_sessionPropose],[wc_authRequest,wc_authBatchRequest]&relay-protocol=irn&expiryTimestamp=<unix>

You can dive into more details over at the specs.walletconnect.com.

2) Session Proposal

When you're sending session proposals, stick to just the requiredNamespaces. There's no need to include optionalNamespaces unless you know the wallets you're targeting can handle them. Make sure to double-check the sessionNamespaces you get back: accounts should always be in CAIP‑10 format, and the chain prefixes have to match up. You can dive deeper into the details here: specs.walletconnect.com.

3) Authentication (optional but recommended)

It’s a good idea to use wc_sessionAuthenticate (CACAO) to tie the user’s address to your domain and the capabilities you’ve requested before making any calls that change the state. Just remember to keep an eye on the expiry time; it should be anywhere from 5 minutes to 7 days. Check out the details here: specs.walletconnect.com

4) Requests

When handling each wc_sessionRequest, make sure to set an expiry that fits well with your user experience. Don’t forget to ensure that the relay TTL matches that timeframe. Also, keep in mind that wallets should turn down any requests if the method or chain hasn't been approved during the session. For more details, check out the WalletConnect specs.

5) Events and Lifecycle

Make sure to manage session_expire and proposal_expire smoothly. Let users have the option to extend or delete their sessions using wc_sessionExtend and wc_sessionDelete. This helps avoid those pesky “zombie” permissions. Check out more details here.

Part 6 -- Practical examples you can lift into production

Minimal EIP‑712 signing flow with domain verification

// 1) Propose a minimal session on mainnet
const proposal = {
  requiredNamespaces: {
    eip155: {
      chains: ["eip155:1"],
      methods: ["eth_signTypedData"],
      events: ["chainChanged", "accountsChanged"]
    }
  }
};

// 2) After approval, verify domain context (wallet side)
walletKit.on("verify_context", (ctx) => {
  if (ctx.status === "MISMATCH" || ctx.status === "THREAT") {
    return showBlocker("Unsafe domain");
  }
});

// 3) Send a typed-data request with short expiry
await signClient.request({
  topic,
  chainId: "eip155:1",
  request: {
    method: "eth_signTypedData",
    params: [userAddress, typedData],
    expiry: Math.floor(Date.now()/1000) + 300 // 5 minutes
  }
});

Why This is Safer

Alright, let’s break down why this approach is more secure:

Tight chain/method scope: By limiting the scope, we ensure that transactions can only do what they’re supposed to. This reduces the chances of any unwanted actions occurring.
Typed data with domain separation (EIP-712): Structuring your data types clearly and separating them by domain helps to avoid confusion and potential misuse. Check out more on this here.
Short expiry: Setting a short time limit on transactions minimizes the window for attacks or misuse. If something's not used quickly, it becomes invalid, keeping things more secure.
Explicit domain verification: This means we double-check that the data comes from the right place. It adds a layer of confidence that what you’re dealing with is legit.

These elements come together to create a much safer environment when working with transactions.

Institutional approval flow with extended expiry

Extended Expiry for Off-Hours Co-Signing or Custody Approvals

To make things easier for those off-hours co-signing or handling custody approvals, you can now use an extended expiry of up to 7 days. Just a heads-up: the wallet user experience should clearly show countdowns and double-check intent right at the time of signing.

await signClient.request({
  topic,
  chainId: "eip155:1",
  request: {
    method: "eth_sendTransaction",
    params: [tx],
    expiry: Math.floor(Date.now()/1000) + 172800 // 48 hours
  }
});
// relay TTL must be >= expiry window

Spec Constraints

Minimum Time: 5 minutes
Maximum Time: 7 days

Your wallet needs to make sure it tosses out any expired requests and sends back a clear "request expired" error message. For more details, check out the WalletConnect specs.

Example C -- Mobile‑first reliability with Link Mode

If your native dapp is helping out commuters on unreliable networks, consider turning on Link Mode. This way, session and authentication requests will use app or universal links rather than relying on a live WebSocket to the relay. It really helps to lower perceived latency and decreases the chances of drop-offs. Check out the details here: (docs.walletconnect.network)

Part 7 -- Governance, hosting, and operational reality

Just a heads up, self-hosting the v2 relay isn’t really recommended for production use according to the archived reference repo. It's better to stick with the WalletConnect Network and its published SLAs while we wait for more decentralization to kick in. (github.com)
WalletConnect lays out details on relay APIs, TTLs, and webhook semantics. If you decide to go the watchdog route, make sure to sign and verify those webhook events and limit retries as specified. (specs.walletconnect.com)

Part 8 -- UX standards and ecosystem signals

Check out WalletConnect Certified and WalletGuide surface wallets--they're built with stricter UX and security standards. When you're rolling out to enterprises, lean towards Certified wallets and make sure to document all the cool features they support (like Verify API, Link Mode, SIWE, and multi-chain). You can read more about it here.
If any of your users ask about a “WalletConnect app,” take a moment to explain: WalletConnect is actually a protocol! They should pick a trustworthy wallet and connect using the in-app scanner or a confirmed dapp domain. This tip is especially important given the recent fake-app scams. Dive deeper into this issue here.

Part 9 -- Security checklist (copy/paste into your runbook)

Protocol/version
- We're on Block v1, so only wc:@2 URIs are accepted. You can check out more details here.
Permissions
- For CAIP‑2 chains, be specific with the networks you list; no wildcards allowed.
- As for methods, only allow what you actually use, and steer clear of eth_sign. More on this can be found here.
Authentication
- Use wc_sessionAuthenticate along with SIWE and tie it to your domain. You can find the specs here.
Expiries
- It's best to keep expiries short by default, and only extend them for custody flows (max 7 days). Don't forget to sync with the relay TTL. More info is available here.
Domain verification
- Make sure to register your domain! For wallets, integrate the Verify API and block any MISMATCH/THREAT alerts. Details can be found here.
Mobile linking
- Deep links are the way to go; try to avoid redirect metadata when scanning QR codes, and think about using Link Mode. More on best practices can be found here.
Observability
- Keep an eye on relayer_connect and relayer_disconnect. Track your connect/sign latency to make sure you're hitting those <5s/<15s SLOs. Check out the details here.
User education
- Just a heads-up: there’s no "WalletConnect app." Always connect from verified dapps, and be careful about blind signing. You can read more about this here.
Supply chain
- Make sure to pin and monitor any third-party kits you’re using. Always verify their integrity, and make sure to fail closed if unexpected prompts come up. You can see more about this here.

Part 10 -- FAQ: “Is Walletconnect Safe” vs “Is Wallet Connect Safe”

It’s really all the same--folks use both spellings when searching. The important thing to think about is whether your setup is secure. WalletConnect v2’s crypto and relay model are solid, but your risks come from session scope, domain verification, signing UX, and how you manage library supply chains. Make sure to stick to the controls outlined in this document. (specs.walletconnect.com)

Appendix -- Reference snippets and specs

Check out the WalletConnect v2 pairing URI along with parameters like symKey, methods, relay‑protocol, and expiryTimestamp. You can dive deeper into this here.
Want to understand namespaces and CAIP compliance for chains and accounts? Look no further than this link.
Get the scoop on RPC TTLs and expiry ranges for session methods, like wc_sessionRequest, by checking out this resource.
And don’t forget about the EIP‑712 typed data spec--find all the details here.

Bottom line for startups and enterprises

WalletConnect is pretty safe, especially when you think of it as a secure way to transport data in a solid security program. If you lock down your namespaces and methods, check domains, stick to typed data, limit signing windows, and strengthen mobile linking, you can significantly reduce the chances of phishing or draining while still keeping the user experience smooth. Keep in mind, though, that the protocol won't protect you from bad decisions made in your app--but it does provide all the tools you need to create a safe and scalable on-chain product. (specs.walletconnect.com)

Get a free security quick-scan of your smart contracts

Submit your contracts and our engineer will review them for vulnerabilities, gas issues and architecture risks.

Request free audit Talk to us