diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a6bbc91
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy
+
+## Supported Versions
+
+We actively support the following versions of bc-forge:
+
+| Version | Supported |
+| --- | --- |
+| `main` branch | Yes |
+| Latest tagged release | Yes |
+| Older released versions | No |
+
+If a vulnerability affects an older release, please still report it. We may not ship fixes for every historical version, but we will review the impact and decide whether backporting is appropriate.
+
+## Reporting a Vulnerability
+
+Please report security issues privately so we can investigate before any public disclosure.
+
+Preferred contact methods:
+
+1. GitHub Security Advisories for a private report.
+2. GitHub Discussions for non-sensitive coordination and general security questions.
+
+Please include:
+
+- A clear description of the issue
+- The affected component and version, if known
+- Steps to reproduce
+- Any proof of concept, logs, or screenshots that help us confirm the impact
+
+We aim to acknowledge reports promptly and work with reporters toward a safe fix and coordinated disclosure.
diff --git a/contracts/admin/src/lib.rs b/contracts/admin/src/lib.rs
index e76d173..df76834 100644
--- a/contracts/admin/src/lib.rs
+++ b/contracts/admin/src/lib.rs
@@ -1,6 +1,7 @@
 //! Reusable access-control primitives for Soroban contracts.
 #![no_std]
+#![allow(clippy::manual_assert)]
 use soroban_sdk::{contracttype, vec, Address, Env, String, Vec};
diff --git a/contracts/lifecycle/src/lib.rs b/contracts/lifecycle/src/lib.rs
index 526e195..084763a 100644
--- a/contracts/lifecycle/src/lib.rs
+++ b/contracts/lifecycle/src/lib.rs
@@ -5,6 +5,7 @@
 //! all token transfers and minting until the admin unpauses.
 #![no_std]
+#![allow(clippy::manual_assert)]
 use soroban_sdk::{contracttype, Address, Env};
diff --git a/contracts/token/src/lib.rs b/contracts/token/src/lib.rs
index 5faad34..74cf3b0 100644
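Review bot: The crate-wide `#![allow(clippy::manual_assert)]` added at the top of contracts/admin/src/lib.rs carries no comment saying why the lint is suppressed, and the identical bare allow is added to contracts/lifecycle/src/lib.rs. This lint fires on `if !cond { panic!(..) }` shapes, which in an access-control crate are presumably the authorization guards themselves, so a blanket allow also silences it for every guard written later in the crate. Put the reason on the attribute, e.g. `// manual_assert: the explicit if/panic form keeps each guard's error path readable; revisit before adopting clippy's rewrite`, or narrow it to `#[allow(clippy::manual_assert)]` on the specific functions that trigger it. The lifecycle hunk would take the same comment.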
--- a/contracts/token/src/lib.rs
+++ b/contracts/token/src/lib.rs
@@ -5,6 +5,7 @@
 //! role-based access control, clawback regulatory features, lockup/vesting, and multi-sig support.
 #![no_std]
+#![allow(clippy::manual_assert)]
 mod events;
@@ -346,6 +347,9 @@ impl BcForgeToken {
 admin::approve_proposal(&env, signer, proposal_id);
 }
+ env.deployer() .update_current_contract_wasm(new_wasm_hash.clone());
+ events::emit_upgrade(&env, &admin, &new_wasm_hash);
 pub fn execute_proposal(env: Env, proposal_id: u64) {
 admin::mark_executed(&env, proposal_id);
 let action: TokenAction = env
@@ -552,6 +556,11 @@ impl BcForgeToken {
 Ok(())
 }
+ /// Updates the token symbol. Admin-only.
+ pub fn update_symbol(env: Env, new_symbol: String) {
+ let admin = Self::read_admin(&env);
+ admin.require_auth();
+
 pub fn update_symbol(env: Env, new_symbol: String) -> Result<(), TokenError> {
 let current_admin = Self::read_admin(&env)?;
 current_admin.require_auth();
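Review bot: The added `env.deployer().update_current_contract_wasm(new_wasm_hash.clone())` and `events::emit_upgrade(&env, &admin, &new_wasm_hash)` lines appear, as the hunk reads, after the closing brace that follows `admin::approve_proposal(...)` and before `pub fn execute_proposal`, i.e. at `impl BcForgeToken` item level where statements are not allowed and neither `new_wasm_hash` nor `admin` is bound; if this is an extraction artefact and they belong to an `upgrade` method, that method's signature starts outside the hunk and is not visible here. Either way, no `require_auth()` is visible before the WASM swap, and replacing the contract's code is the highest-impact action this contract has: the same function must run `let admin = Self::read_admin(&env)?; admin.require_auth();` before `update_current_contract_wasm` is reached, not only emit the event afterwards. Given that the file already has a proposal flow (`approve_proposal`, `execute_proposal`, `TokenAction`) and advertises multi-sig support, consider making the upgrade a `TokenAction` executed from `execute_proposal` rather than a single-admin call, so one compromised admin key cannot replace the code. The body of `execute_proposal` continues past the end of the hunk.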
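Review bot: The added `pub fn update_symbol(env: Env, new_symbol: String) {` duplicates the existing `update_symbol(...) -> Result<(), TokenError>` that immediately follows it in the same `impl BcForgeToken`, so the crate cannot compile (two inherent methods with one name), and the added body is never closed — it runs straight into the existing function's signature. It also calls `Self::read_admin(&env)` without `?` and then `admin.require_auth()`, while the existing line below uses `Self::read_admin(&env)?`, so `read_admin` returns a `Result` and the new call would invoke `require_auth` on a `Result` rather than an `Address`. The existing function already gates on the admin, so the five added lines should be dropped; if only the documentation was wanted, keep `/// Updates the token symbol. Admin-only.` above the existing signature. The existing function's body continues past the end of the hunk, so whether `new_symbol` is length-checked before being stored cannot be seen here.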