Bugs‌ ‌found‌ ‌in‌ Spot Wallet: Crypto & DeFi for Android

Spot Wallet: Crypto & DeFi

Spot Wallet: Crypto & DeFi is a mobile solution for buying, selling, swapping, and sending cryptos. The app also allows importing your wallet from Metamask, Phantom, Rainbow, and Coinbase.

The app supports WalletConnect, which means you can connect to other DeFi solutions, such as OpenSea or Uniswap. Spot Wallet also offers a reward program so one can earn free Bitcoin for referring friends. News, intelligent or custom price alerts, and real-time charts are included too.

QAwerk has a record in testing DeFi solutions, so we know where to look for bugs. We decided to challenge the Spot Wallet development team and see if we could find any issues with the app. Here are the results!

100k+ downloads
0 ratings

Device security (e.g. pattern) is not applied on launch if “Ask for PIN code at launch” is disabled

Severity:

Major

Precondition:
  1. The app is installed.
  2. The wallet is created/restored.
  3. The PIN code is set in the app.
  4. The device security (e.g. pattern) is set in device settings.
Steps to Reproduce:
  1. Open the app.
  2. Tap the “Profile” button top right.
  3. Tap the “Security” button.
  4. Enter the PIN.
  5. Scroll down to the “Authentication & PIN code” section.
  6. Enable the “Use device security (fingerprint, face, unlock, pattern)” toggle.
  7. Disable the “Ask for PIN at launch” toggle (if enabled).
  8. Close the app.
  9. Open the app.
Environment:

Samsung Galaxy S7, Android 8.0.0

Actual Result:

The app’s main screen opens.

Expected Result:

The app’s security screen (e.g. pattern) opens.

PIN code is not requested on launch if “Use device security (fingerprint, face, unlock, pattern)” is enabled

Severity:

Minor

Precondition:
  1. The app is installed.
  2. The wallet is created/restored.
  3. The PIN code is set in the app.
  4. The device security (e.g. pattern) is set in device settings.
Steps to Reproduce:
  1. Open the app.
  2. Tap the “Profile” button top right.
  3. Tap the “Security” button.
  4. Enter the PIN.
  5. Scroll down to the “Authentication & PIN code” section.
  6. Enable the “Use device security (fingerprint, face, unlock, pattern)” toggle.
  7. Enable the “Ask for PIN at launch” toggle (if enabled).
  8. Close the app.
  9. Open the app.
  10. Enter data for a security check (e.g. pattern).
Environment:

Samsung Galaxy S7, Android 8.0.0

Actual Result:

The app’s main screen opens.

Expected Result:

The PIN screen opens.

Receive token list - amounts for coins with large names flicker

Severity:

Trivial

Precondition:
  1. The app is installed.
  2. The wallet is created/restored.
Steps to Reproduce:
  1. Open the app.
  2. Tap the “Receive” button.
  3. Enter the string “token” to the search field.
Environment:

Samsung Galaxy S7, Android 8.0.0

Actual Result:

Coins with large names like “Bounce Finance Governance Token” & “Ampleforth Governance Token” are displayed with flickering amounts on the right.

Expected Result:

Amounts for coins with large names are shown correctly.

Receive token - address title is shifted left for coins with large names

Severity:

Trivial

Precondition:
  1. The app is installed.
  2. The wallet is created/restored.
Steps to Reproduce:
  1. Open the app.
  2. Tap the “Receive” button.
  3. Enter the string “token” to the search field.
  4. Tap “Bounce Finance Governance Token” or “Ampleforth Governance Token”.
Environment:

Samsung Galaxy S7, Android 8.0.0

Actual Result:

The address title is shifted to the left.

Expected Result:

The address title is centered.

Receive token - address title is shifted left for coins with large names
Receive token - address title is shifted left for coins with large names

Receive token list - fiat currency amount for Kishu Inu is not displayed

Severity:

Trivial

Precondition:
  1. The app is installed.
  2. The wallet is created/restored.
Steps to Reproduce:
  1. Open the app.
  2. Tap the “Receive” button.
  3. Scroll down to the “Kishu Inu” coin.
Environment:

Samsung Galaxy S7, Android 8.0.0

Actual Result:

The fiat currency amount for Kishu Inu is not displayed.

Expected Result:

The fiat currency amount for Kishu Inu is displayed.

Receive token list - fiat currency amount for Kishu Inu is not displayed

Chart title “Bounce Finance Governance Token” doesn’t fit screen width

Severity:

Trivial

Precondition:
  1. The app is installed.
  2. The wallet is created/restored.
Steps to Reproduce:
  1. Open the app.
  2. Tap the “Manage” button in the “Wallet” section.
  3. Scroll down to the “Bounce Finance Governance Token” coin.
  4. Tap on the “Bounce Finance Governance Token” coin.
Environment:

Samsung Galaxy S7, Android 8.0.0

Actual Result:

Chart title “Bounce Finance Governance Token” does not fit the screen width.

Expected Result:

Chart title “Bounce Finance Governance Token” fits the screen width.

Chart title “Bounce Finance Governance Token” doesn’t fit screen width
I performed functional and usability testing; overall, the app ran as expected. However, a PIN request and other device security controls didn't work under specific configurations. Tokens with long names may also cause UI bugs. I'd emphasize testing the app with varying security settings to prevent similar issues.
Aliaksei, QA engineer

Aliaksei, QA engineer

Need a reliable QA partner?

Hire us