diff --git a/.github/workflows/on_pr_pnpm-format-label.yml b/.github/workflows/on_pr_pnpm-format-label.yml
index 84fb27cb3e..83f23775a4 100644
--- a/.github/workflows/on_pr_pnpm-format-label.yml
+++ b/.github/workflows/on_pr_pnpm-format-label.yml
@@ -1,5 +1,9 @@
 name: pnpm-format-label
 
+permissions:
+  contents: read
+  issues: write
+
 on:
   pull_request:
     types: [labeled]
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index bb22f4c721..96f89abbfa 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -9,6 +9,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/install-dependencies
+      - run: pnpm install --no-frozen-lockfile
 
   build:
     name: Run build
diff --git a/FUNDING.json b/FUNDING.json
new file mode 100644
index 0000000000..cb7bbaf783
--- /dev/null
+++ b/FUNDING.json
@@ -0,0 +1,10 @@
+{
+  "drips": {
+    "ethereum": {
+      "ownedBy": "0x9a72807e1BC8A5e1E178f51E26239d58F511EB3D"
+    }
+  },
+  "opRetro": {
+    "projectId": "0x62408999652f3bfa1be746d256bf5a4eb4719b993d40f07d2d60aaebee015018"
+  }
+}
diff --git a/packages/services/identity-instrument/src/index.ts b/packages/services/identity-instrument/src/index.ts
index f7b477b6ce..12eb0f0ffc 100644
--- a/packages/services/identity-instrument/src/index.ts
+++ b/packages/services/identity-instrument/src/index.ts
@@ -65,7 +65,7 @@ export class IdentityInstrument {
         keyType: KeyType.Ethereum_Secp256k1,
       },
       digest: Hex.fromBytes(digest),
-      nonce: Hex.fromNumber(Date.now()),
+      nonce: Hex.random(16),
     }
     const res = await this.rpc.sign({
       params,
diff --git a/packages/wallet/dapp-client/src/DappTransport.ts b/packages/wallet/dapp-client/src/DappTransport.ts
index 090b1070b8..7b4f3c5d28 100644
--- a/packages/wallet/dapp-client/src/DappTransport.ts
+++ b/packages/wallet/dapp-client/src/DappTransport.ts
@@ -560,6 +560,10 @@ export class DappTransport {
   }
 
   private generateId(): string {
-    return `${Date.now().toString(36)}-${Math.random().toString(36).substring(2, 9)}`
+    // Use crypto.getRandomValues for cryptographically secure randomness
+    const array = new Uint32Array(2);
+    window.crypto.getRandomValues(array);
+    const randStr = (array[0].toString(36) + array[1].toString(36)).slice(0, 9);
+    return `${Date.now().toString(36)}-${randStr}`;
   }
 }