diff --git a/src/segfault.rs b/src/segfault.rs
index d9f56db..ff1c25c 100644
--- a/src/segfault.rs
+++ b/src/segfault.rs
@@ -1,19 +1,11 @@
 //! A 100% memory-safe segmentation fault.
 //!
-//! We use the soundness hole to create a mutable null reference to a `u8`.
-//!
-//! The smart pointer exists on the stack, but was dropped, so the reference
-//! is borrowing arbitrary data on the stack. We can then fill the stack with zeros, which
-//! replaces the smart pointer's address with zero, creating a null reference in safe Rust.
-//!
-//! By accessing the contents of the pointer, we force Rust to dereference the null pointer,
-//! causing a segfault.
-//!
-//! > **Note:** In theory this should work with a normal box, but in practice Rust reads random
-//! > memory instead of segfaulting on a null pointer. We think this is due to compiler
-//! > optimisations.
+//! We first use the soundness hole (and our transmute implementation) to create a mutable null reference to a `u8`.
+//! Then, we dereference it to get a segmentation fault!
 
 /// Segfaults the program.
+///
+/// See [`crate::transmute()`]
 pub fn segfault() -> ! {
     let null = crate::null_mut::();
     *null = 42;
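Review bot: The added doc link `/// See [`crate::transmute()`]` names a function that `segfault` never calls directly; the visible body calls `crate::null_mut`, so the reference should point the reader at what is actually used, e.g. `/// See [`crate::null_mut()`], which is built on [`crate::transmute()`].` The rewritten module doc also drops the old caveat that the null write is not guaranteed to trap (the removed note attributed a non-faulting read to compiler optimisations); since `segfault` is declared `-> !`, a sentence such as `//! The write is expected to trap; the function only diverges if it does.` keeps that contract visible to callers. The context line `crate::null_mut::()` shows an empty turbofish, which looks like a rendering artefact (the `<u8>` type argument stripped) rather than a change in this commit, but it is worth confirming against the file. The body of `segfault` continues past the end of the hunk.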