diff --git a/SECURITY.md b/SECURITY.md index dbf5eb603..70d4c61fd 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -47,12 +47,13 @@ vulnerability, it must adhere to these assumptions as well: - The immutable variables `MAX_SEGMENT_COUNT` and `MAX_TRANCHE_COUNT` have values that cannot lead to an overflow of the block gas limit. -- The total supply of any ERC-20 token remains below 2128 - 1, i.e., `type(uint128).max`. +- The total supply of any ERC-20 token remains below $(2^{128} - 1)$, i.e., `type(uint128).max`. - The `transfer` and `transferFrom` methods of any ERC-20 token strictly reduce the sender's balance by the transfer amount and increase the recipient's balance by the same amount. In other words, tokens that charge fees on transfers are not supported. - An address' ERC-20 balance can only change as a result of a `transfer` call by the sender or a `transferFrom` call by - an approved address. This excludes rebase tokens and interest-bearing tokens. + an approved address. This excludes rebase tokens, interest-bearing tokens, and permissioned tokens where the admin can + arbitrarily change balances. - The token contract does not allow callbacks (e.g. ERC-777 is not supported). - There is no need for exponents greater than ~18.44 in `LockupDynamic` segments. - Recipient contracts on the hook allowlist have gone through due diligence and are assumed to expose no risk to the
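Review bot: The reworded supply bound on the first changed line still says the total supply "remains below $(2^{128} - 1)$, i.e., `type(uint128).max`", which reads as strictly less than the maximum, while the "i.e." presents that maximum as the limit itself. If a supply exactly equal to `type(uint128).max` is meant to be in scope, say "does not exceed"; if it is not, drop the "i.e." and state the strict bound. The parentheses inside the math are redundant, and the inline `$...$` only renders where the Markdown viewer supports math; a reader of the raw file sees LaTeX source, so a backticked `2^128 - 1` would match the code-style `type(uint128).max` beside it. In the second changed bullet, "permissioned tokens where the admin can arbitrarily change balances" hinges on "arbitrarily", which the preceding sentence does not need: that sentence already excludes every balance change not caused by a `transfer` or `transferFrom`, so "tokens whose admin can change balances" states the same exclusion without leaving room to argue over what counts as arbitrary.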