diff --git a/crates/bft-json-crdt/src/json_crdt.rs b/crates/bft-json-crdt/src/json_crdt.rs
index 77527fd..087323c 100644
--- a/crates/bft-json-crdt/src/json_crdt.rs
+++ b/crates/bft-json-crdt/src/json_crdt.rs
@@ -17,6 +17,12 @@ use fastcrypto::{
     traits::{KeyPair, ToFromBytes},
     // Verifier,
 };
+// TODO: serde's json object serialization and deserialization (correctly) do not define anything
+// object field order in JSON objects. However, the hash check impl in bft-json-crdt does take order
+// into account. This is going to cause problems later for non-Rust implementations, BFT hash checking
+// currently depends on JSON serialization/deserialization object order. This shouldn't be the case
+// but I've hacked it for the moment to get the PoC working. To see the problem, replace this with
+// a std HashMap, everything will screw up (annoyingly, only *most* of the time).
 use indexmap::IndexMap;
 use serde::{Deserialize, Serialize};
 use serde_with::{serde_as, Bytes};