This is a starter thread for standard ways to better enforce user expectations for ERC-20 contracts, or at least provide mechanisms to inform users of hidden / undisclosed logic.
This issue was brought up in a Tweet today by @LefterisJP, and I’ve heard it discussed before.
A key problem is that potential fees triggered by maintainers and other logic can break the user experience. There is a set of assumptions/expectations around ERC-20s that is not enforced.
Additional logic also leads to higher gas costs for users.
There is an effort organized by @p0n1 to track buggy / nonstandard code in ERC-20s; it may be defunct, as the last commit is Oct 10, 2018.
Article by Daniel Que describing the general situation and techniques used: What we learned from auditing the top 20 ERC20 token contracts