diff --git a/src/bundle.rs b/src/bundle.rs
index 228b9d10..f84c3f6f 100644
--- a/src/bundle.rs
+++ b/src/bundle.rs
@@ -111,6 +111,7 @@ impl Flags {
     ///
     /// [txencoding]: https://zips.z.cash/protocol/protocol.pdf#txnencoding
     pub fn from_byte(value: u8) -> Option<Self> {
+        // https://p.z.cash/TCR:bad-txns-v5-reserved-bits-nonzero
         if value & FLAGS_EXPECTED_UNSET == 0 {
             Some(Self::from_parts(
                 value & FLAG_SPENDS_ENABLED != 0,
@@ -376,6 +377,7 @@ impl<T: Authorization, V: Copy + Into<i64>> Bundle<T, V> {
     /// This can be used to validate the [`Authorized::binding_signature`] returned from
     /// [`Bundle::authorization`].
     pub fn binding_validating_key(&self) -> redpallas::VerificationKey<Binding> {
+        // https://p.z.cash/TCR:bad-txns-orchard-binding-signature-invalid?partial
         (self
             .actions
             .iter()
diff --git a/src/bundle/batch.rs b/src/bundle/batch.rs
index c60d0cd5..6626b916 100644
--- a/src/bundle/batch.rs
+++ b/src/bundle/batch.rs
@@ -67,6 +67,8 @@ impl BatchValidator {
     /// figure out which of the accumulated bundles might be invalid; if that information
     /// is desired, construct separate [`BatchValidator`]s for sub-batches of the bundles.
     pub fn validate<R: RngCore + CryptoRng>(self, vk: &VerifyingKey, rng: R) -> bool {
+        // https://p.z.cash/TCR:bad-txns-orchard-binding-signature-invalid?partial
+
         if self.signatures.is_empty() {
             // An empty batch is always valid, but is not free to run; skip it.
             // Note that a transaction has at least a binding signature, so if