(1/5) I was pretty excited to play around with the @ProjectSerum ERC20 deposit feature, but after digging into the smart contract code, I found it left a lot to be desired from a decentralization standpoint 👇
(2/5) After using it to deposit an ERC20 token, I found the Ethereum contract behind it: https://etherscan.io/address/0xeae57ce9cc1984f202e15e038b964bb8bdf7229a
(3/5) My biggest concern is that it seems that the contract owner has the ability to withdraw any amount of ERC20 token or ETH stored in the contract.
(4/5) The owner appears to be just a normal EOA: https://etherscan.io/address/0x067d382e61c06cea2815069d9d97fd3ee5df2361, so whoever controls that address can drain the contract -- ~$6M in funds at this time.