Kuant
High Risk
AI-Powered GameFi Perp DEX on BNB Chain.
1 Issue Detected
Centralization Risks
The FuturesMarginPoolClassics contract (address: 0xF6ae4e36A14DA4bE1988911d5E03544Dc35DFf3a) is a futures margin custody pool controlled by a single EOA (admin: 0x289A903f873c49d1289964D9A0F8AebdD2a2b217), which presents severe fund security risks. This EOA holds the following unrestricted powers:
(1) It can transfer any amount of margin tokens to the vaults address via withdrawAdminFun(), and the admin can change the vaults address to any address (including the admin itself) at any time, enabling direct theft of all user margins.
(2) It can change the margin token address via modifyMarginAddress() at any time, which either leaves the original tokens locked in the contract and unwithdrawable or switches the pool to a malicious token contract.
(3) It can change all critical addresses, including withdrawAdmin, feeAddress, and vaults, to addresses it controls, consolidating complete control.
(4) The withdrawAdmin role (also controllable by the admin) can set arbitrarily high fees, with no cap, when processing user withdrawals, achieving de facto theft by changing feeAddress to its own address.
Although this is a regular, non-upgradeable contract, it holds substantial user margins and all critical operations are controlled by a single EOA, with no multisig, no timelock, and no withdrawal limits. A single key compromise or admin malfeasance results in total loss of user funds.
Summary
High Risk
Audit
DappBay Red Alarm
List Time
Dec 17, 2025
Chain
BNB Smart Chain