The American cryptocurrency exchange Coinbase explained in its blog which technical criteria it pays attention to before deciding to list an ERC-20 token.
Nadir Akhtar, Blockchain Security Specialist at Coinbase, listed four criteria every ERC-20 token should meet: verified source code; use of libraries that comply with industry standards; limited capabilities for administrative roles; and an uncomplicated, modular structure.
Having verified source code is "the most important criterion for listing a token." Akhtar recommends that developers upload the source code of all smart contracts to a "trusted" platform (e.g., Etherscan). If the code has not yet been deployed, then it should be added to a repository on GitHub.
Developers should avoid writing smart contract code from scratch because they might miss an important detail, compromising the integrity of the token. Akhtar recommends using popular and proven standards (for example, the OpenZeppelin smart contract repository).
ERC-20 token smart contracts must have limited privileged (or administrative) rights. Holders of these rights can pause transactions, change balances, or completely change the logic of the token. Finally, token protocols should be simple and modular in design and avoid unnecessary complexity.
In addition to the criteria listed above, Coinbase also looks at external audits, detailed documentation, and the use of up-to-date versions of the Solidity language.
According to Akhtar, an external audit of smart contracts is especially important, since failures in their operation can cost millions of dollars.