From 8fd49ec0f017f026ca93ce66f9f5a9498f9c4c8d Mon Sep 17 00:00:00 2001
From: Nicolas Lara <nicolaslara@gmail.com>
Date: Tue, 17 Oct 2023 19:08:41 +0200
Subject: [PATCH] docs warning (#70)

---
 modules/ibc-hooks/README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/ibc-hooks/README.md b/modules/ibc-hooks/README.md
index a4eca719..6ff5a792 100644
--- a/modules/ibc-hooks/README.md
+++ b/modules/ibc-hooks/README.md
@@ -40,6 +40,8 @@ For use with IBC hooks, the message fields above can be derived from the followi
 - `Msg`: This field should be directly obtained from the ICS-20 packet metadata.
 - `Funds`: This field is set to the amount of funds being sent over in the ICS-20 packet. The denom in the packet must be specified as the counterparty chain's representation of the denom.
 
+> **_WARNING:_**  Due to a [bug](https://twitter.com/SCVSecurity/status/1682329758020022272) in the packet forward middleware, we cannot trust the sender from chains that use PFM. Until that is fixed, we recommend chains to not trust the sender on contracts executed via IBC hooks.
+
 
 The fully constructed execute message will look like the following: