Security: VaultBricks/MAS

SECURITY.md

Security Policy

Reporting a Vulnerability

The Multi-Asset Standard (MAS) is a standards specification repository. Security is critical for any Ethereum standard.

Reporting Process

If you discover a security vulnerability in:

  • The MAS specification
  • The reference implementation
  • Documentation that could lead to security issues

Please report it responsibly:

  1. DO NOT open a public issue
  2. Use GitHub Security Advisories: https://github.com/VaultBricks/MAS/security/advisories/new
  3. Or email: security@vaultbricks.io

What to Include

  • Description of the vulnerability
  • Steps to reproduce (if applicable)
  • Potential impact
  • Suggested fix (if you have one)

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Fix Timeline: Depends on severity (critical issues prioritized)

Security Considerations

The MAS specification includes a dedicated Security Considerations section. All implementations should:

  1. Oracle Security: Use secure, manipulation-resistant price oracles
  2. Reentrancy Protection: Implement proper reentrancy guards
  3. Access Control: Enforce strict ownership and authorization
  4. Integer Overflow: Use Solidity 0.8+ or SafeMath
  5. Front-running: Consider MEV protection mechanisms
  6. Upgrade Safety: If using upgradeable patterns, ensure proper safeguards

Scope

This security policy covers:

  • MAS EIP specification
  • Reference implementations (MinimalMAS, etc.)
  • Documentation and integration guides
  • Third-party implementations (contact their maintainers)
  • VaultBricks production implementation (see BOLD-APEX repository)

Supported Versions

Version Supported
Draft

Acknowledgments

We appreciate responsible disclosure and will acknowledge security researchers who help improve MAS security.
