From fbd6ee08acc5dd1cf33783ec61fea753f071922b Mon Sep 17 00:00:00 2001
From: CJ42 <cavallerajean@gmail.com>
Date: Fri, 3 Nov 2023 17:03:39 +0000
Subject: [PATCH] chore: add notice in Natspec for `isValidSignature`

---
 contracts/LSP0ERC725Account/LSP0ERC725AccountCore.sol | 5 +++++
 contracts/LSP6KeyManager/LSP6KeyManagerCore.sol       | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/contracts/LSP0ERC725Account/LSP0ERC725AccountCore.sol b/contracts/LSP0ERC725Account/LSP0ERC725AccountCore.sol
index 848675f96..86e1b6051 100644
--- a/contracts/LSP0ERC725Account/LSP0ERC725AccountCore.sol
+++ b/contracts/LSP0ERC725Account/LSP0ERC725AccountCore.sol
@@ -725,6 +725,11 @@ abstract contract LSP0ERC725AccountCore is
      * @param signature A signature that can validate the previous parameter (Hash).
      *
      * @return returnedStatus A `bytes4` value that indicates if the signature is valid or not.
+     *
+     * @custom:warning This function does not enforce by default including the address of this contract in the signature digest.
+     * It is recommended that protocols or applications using this contract to include the targeted address (= this contract) in the data to sign.
+     * To ensure that this signature should be valid for a specific LSP0ERC725Account and prevent signatures from the same EOA to be replayed
+     * across different LSP0ERC725Accounts.
      */
     function isValidSignature(
         bytes32 dataHash,
diff --git a/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol b/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol
index 9edf51cff..27da61fdc 100644
--- a/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol
+++ b/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol
@@ -152,6 +152,11 @@ abstract contract LSP6KeyManagerCore is
      * If the signer is a controller with the permission `SIGN`, it will return the ERC1271 success value.
      *
      * @return returnedStatus `0x1626ba7e` on success, or `0xffffffff` on failure.
+     *
+     * @custom:warning This function does not enforce by default including the address of this contract in the signature digest.
+     * It is recommended that protocols or applications using this contract to include the targeted address (= this contract) in the data to sign.
+     * To ensure that this signature should be valid for a specific LSP6KeyManager and prevent signatures from the same EOA to be replayed
+     * across different LSP6KeyManager.
      */
     function isValidSignature(
         bytes32 dataHash,