Update contract authorization how-to-guide cross contract auth example

docs/build/guides/auth/contract-authorization.mdx

@@ -252,7 +252,7 @@ To illustrate how to add authorization to a simple cross-contract invocation, we
 
 The invoking contract in the mentioned example contract creates a client for invoking the `add()` function in the addition contract. Let’s say we want the `add()` contract to be authorized by a user. Then, we need to pass the user to the `add()` contract function from the invoking function.
 
-Even though the invoking function may not require the user’s authorization, the `add()` function will panic if it encounters authorization not tied to the root/top contract invocation. Therefore, we need to use `require_auth()` on the user in the invoking function.
+Even though the invoking function may not require the `user`’s authorization, it's recommended to authorize the `user` at the entry point. Without that, the authorized inner `add()` call can be front-run by anyone without being wrapped in `add_with()`. Adding `require_auth()` at the entry point ensures that all the inner contract calls that are authorized on behalf of the `user` will be executed atomically together with the entry point call. Therefore, we need to use `require_auth()` on the `user` in the invoking function.
 
 This is how the function looks: