Read on Twitter
(1/5) I was pretty excited to play around with the @ProjectSerum ERC20 deposit feature, but after digging into the smart contract code, I found it left a lot to be desired from a decentralization standpoint 
https://abs.twimg.com/emoji/v2/... draggable="false" alt="👇" title="Rückhand Zeigefinger nach unten" aria-label="Emoji: Rückhand Zeigefinger nach unten">
" title="(1/5) I was pretty excited to play around with the @ProjectSerum ERC20 deposit feature, but after digging into the smart contract code, I found it left a lot to be desired from a decentralization standpoint https://abs.twimg.com/emoji/v2/... draggable="false" alt="👇" title="Rückhand Zeigefinger nach unten" aria-label="Emoji: Rückhand Zeigefinger nach unten">" class="img-responsive" style="max-width:100%;"/>
(2/5) After using it to deposit an ERC20 token, I found the Ethereum contract behind it: https://etherscan.io/address/0xeae57ce9cc1984f202e15e038b964bb8bdf7229a">https://etherscan.io/address/0...
(3/5) My biggest concern is that it seems that the contract owner has the ability to withdraw any amount of ERC20 token or ETH stored in the contract.
(4/5) The owner appears to be just a normal EOA: https://etherscan.io/address/0x067d382e61c06cea2815069d9d97fd3ee5df2361,">https://etherscan.io/address/0... so whoever controls that address can drain the contract -- ~$6M in funds at this time.
(5/5) It also seems for someone to withdraw tokens they put into the contract, they need a signature from the contract owner as well--again, a great deal of power vested in the EOA owner.
