diff --git a/coins/monero/src/wallet/scan.rs b/coins/monero/src/wallet/scan.rs
index 4a9fecc8..8dc144ea 100644
--- a/coins/monero/src/wallet/scan.rs
+++ b/coins/monero/src/wallet/scan.rs
@@ -140,9 +140,9 @@ impl Metadata {
 /// A received output, defined as its absolute ID, data, and metadara.
 #[derive(Clone, PartialEq, Eq, Debug, Zeroize, ZeroizeOnDrop)]
 pub struct ReceivedOutput {
-  pub absolute: AbsoluteId,
-  pub data: OutputData,
-  pub metadata: Metadata,
+  pub(crate) absolute: AbsoluteId,
+  pub(crate) data: OutputData,
+  pub(crate) metadata: Metadata,
 }
 
 impl ReceivedOutput {
diff --git a/coins/monero/src/wallet/send/mod.rs b/coins/monero/src/wallet/send/mod.rs
index 1ba8e8fa..554b1c1d 100644
--- a/coins/monero/src/wallet/send/mod.rs
+++ b/coins/monero/src/wallet/send/mod.rs
@@ -339,6 +339,12 @@ impl SignableTransaction {
     // Calculate the extra length
     let extra = Extra::fee_weight(outputs, has_payment_id, data.as_ref());
 
+    // https://github.com/monero-project/monero/pull/8733
+    const MAX_EXTRA_SIZE: usize = 1060;
+    if extra > MAX_EXTRA_SIZE {
+      Err(TransactionError::TooMuchData)?;
+    }
+
     // This is a extremely heavy fee weight estimation which can only be trusted for two things
     // 1) Ensuring we have enough for whatever fee we end up using
     // 2) Ensuring we aren't over the max size
@@ -544,6 +550,7 @@ impl SignableTransaction {
 
     let mut serialized = Vec::with_capacity(extra_len);
     extra.write(&mut serialized).unwrap();
+    debug_assert_eq!(extra_len, extra);
     serialized
   }
 
diff --git a/docs/integrations/Monero.md b/docs/integrations/Monero.md
index 76f170cd..ea85b944 100644
--- a/docs/integrations/Monero.md
+++ b/docs/integrations/Monero.md
@@ -28,7 +28,9 @@ per not supporting integrated addresses.
 ### In Instructions
 
 Monero In Instructions are present via `tx.extra`, specifically via inclusion
-in a `TX_EXTRA_NONCE` tag, and accordingly limited to 255 bytes.
+in a `TX_EXTRA_NONCE` tag. The tag is followed by the VarInt length of its
+contents, and then additionally marked by a byte `127`. The following data is
+limited to 254 bytes.
 
 ### Out Instructions