diff --git a/libcrux-ml-dsa/src/arithmetic.rs b/libcrux-ml-dsa/src/arithmetic.rs
index 13cf27e60..09192f902 100644
--- a/libcrux-ml-dsa/src/arithmetic.rs
+++ b/libcrux-ml-dsa/src/arithmetic.rs
@@ -39,20 +39,24 @@ impl PolynomialRingElement {
             return true;
         }
 
+        let mut exceeds = false;
+
         // It is ok to leak which coefficient violates the bound since
         // the probability for each coefficient is independent of secret
         // data but we must not leak the sign of the centralized representative.
+        //
+        // TODO: We can break out of this loop early if need be, but the most
+        // straightforward way to do so (returning false) will not go through hax;
+        // revisit if performance is impacted.
         for coefficient in self.coefficients.iter() {
             // Normalize the coefficient
             let sign = coefficient >> 31;
             let normalized = coefficient - (sign & (2 * coefficient));
 
-            if normalized >= value {
-                return true;
-            }
+            exceeds |= normalized >= value;
         }
 
-        return false;
+        exceeds
     }
 }
 
@@ -61,13 +65,16 @@ pub(crate) fn vector_infinity_norm_exceeds(
     vector: [PolynomialRingElement; DIMENSION],
     value: i32,
 ) -> bool {
+    let mut exceeds = false;
+
+    // TODO: We can break out of this loop early if need be, but the most
+    // straightforward way to do so (returning false) will not go through hax;
+    // revisit if performance is impacted.
     for i in 0..DIMENSION {
-        if vector[i].infinity_norm_exceeds(value) {
-            return true;
-        }
+        exceeds |= vector[i].infinity_norm_exceeds(value);
     }
 
-    false
+    exceeds
 }
 
 #[inline(always)]
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index 5308c5e4f..42e64f236 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
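Review bot: The new TODO comment (`straightforward way to do so (returning false)`) misdescribes the shortcut it refers to: the removed code exited with `return true` as soon as one coefficient reached the bound, so an early exit from this loop would always return true, never false; the identical comment is repeated in the `vector_infinity_norm_exceeds` hunk below. Suggest at both sites `// TODO: We could return true as soon as one coefficient exceeds the bound, but an early return from inside the loop does not go through hax; revisit if performance is impacted.` The preceding comment about it being acceptable to leak which coefficient violates the bound was written for the early-exit form; with `exceeds |= normalized >= value` the loop now always runs to completion, so it may be worth adding there that the only remaining data-dependent behaviour is whatever the compiler emits for the comparison itself. infinity_norm_exceeds starts outside the hunk.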
@@ -266,9 +266,9 @@ pub(crate) fn sign<
         if attempt >= 576 {
             // Depending on the mode, one try has a chance between 1/7 and 1/4
             // of succeeding. Thus it is safe to say that 576 iterations
-            // are enough as (6/7)⁵⁷⁶ < 2⁻¹²⁸.
+            // are enough as (6/7)⁵⁷⁶ < 2⁻¹²⁸[1].
             //
-            // TODO: Attribute to CIRCL.
+            // [1]: https://github.com/cloudflare/circl/blob/main/sign/dilithium/mode2/internal/dilithium.go#L341
             panic!("At least 576 signing attempts were made; this should only happen 1 in 2^{{128}} times: something is wrong.")
         }