I notice that the ERC-20 is not perfect.
There are still some issues where the ERC-20 token standards cannot be resolved.
There are token instances that can be destroyed without warning before they are used to pay for contracts through the use of an Ether. Estimated, about $ 3 million was lost because of this.
To fix this, the Ethereal community recently set up a new standard called ERC-223. These standards are not compatible with ERC-20, however, developers are encouraged to use ERC-20 until the compatibility is achieved.
In April 2018, the number of token deposits and token withdrawals based on Ethereum. This situation is described as a "general fuss" and may allow an attacker to own a large token.
And at the moment, there are no traditional security methods that can fix these weaknesses.