From 058f177b9b6569c6b4e6d0fa1db62179f45fd398 Mon Sep 17 00:00:00 2001 From: Pascal Marco Caversaccio Date: Sun, 24 Dec 2023 11:50:44 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=96=20Document=20Private=20Key=20Deplo?= =?UTF-8?q?yment=20Risks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pascal Marco Caversaccio --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ebd991e0..6314fe12 100644 --- a/README.md +++ b/README.md @@ -837,6 +837,7 @@ Generally, for security issues, see our [Security Policy](./SECURITY.md). Furthe we strongly recommend implementing a permissioned deploy protection by setting the first 20 bytes equal to `msg.sender` in the `salt` to prevent maliciously intended frontrun proxy deployments on other chains. - The target EVM version for compilation is set to [`paris`](https://github.com/ethereum/execution-specs/blob/master/network-upgrades/mainnet-upgrades/paris.md), i.e. neither the contract creation bytecode of [`CreateX`](./src/CreateX.sol) nor the returned runtime bytecode contains a [`PUSH0`](https://www.evm.codes/#5f?fork=shanghai) instruction. +- Please refer to our comment in the discussion [here](https://github.com/pcaversaccio/createx/discussions/61#discussioncomment-7937359) for background information on the risks of our private-key-based deployment approach. ## Tests
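Review bot: the single added bullet at the end of this README list defers entirely to an external discussion comment and uses "here" as its link text, so a reader learns that the private-key-based deployment approach carries risks but not what those risks are or what to check. Suggest stating the risk in one or two sentences in the README itself and keeping the discussion link as background, with descriptive link text in place of "here". Because a discussion comment can be edited or removed later, consider also mirroring the key points in `SECURITY.md`, which the unchanged context of this hunk already references.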