Glossary
Signature Replay
Reusing a signed message in a different context (chain, contract, or nonce) than the signer intended, because the signed payload didn't include enough domain separation.
A signed message that doesn't include the chain ID, contract address, and nonce in its hashed payload can sometimes be replayed on a different chain (forks!), at a different contract (with the same signer key), or after the original action was already performed. The signer thought they authorized one thing; the attacker uses the signature to authorize something else.
EIP-712 typed-data signing adds explicit domain separators (name, version, chainId, verifyingContract) precisely to prevent replay. Every signed-message scheme that isn't EIP-712 is a candidate to audit for replay risk.
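The difference between a payload that omits the context and one that binds it, as an added example that is not part of the original glossary entry. It is a simplified model, not EIP-712 encoding: HMAC-SHA256 stands in for the signer's ECDSA signature, and the key, chain IDs, addresses, and class names are constructed for illustration.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # constructed sample key

def sign(payload: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the signer's ECDSA signature.
    return hmac.new(SIGNER_KEY, payload, hashlib.sha256).digest()

def encode(*fields) -> bytes:
    # Length-prefix each field so values cannot slide across field boundaries.
    parts = [str(f).encode() for f in fields]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

class WeakVerifier:
    """Signed payload is only the action: no chain ID, contract, or nonce."""
    def execute(self, to, amount, sig) -> bool:
        return hmac.compare_digest(sig, sign(encode(to, amount)))

class BoundVerifier:
    """Signed payload also covers chain ID, contract address, and nonce."""
    def __init__(self, chain_id, address):
        self.chain_id, self.address, self.next_nonce = chain_id, address, 0

    def payload(self, to, amount, nonce) -> bytes:
        return encode(self.chain_id, self.address, nonce, to, amount)

    def execute(self, to, amount, nonce, sig) -> bool:
        expected = sign(self.payload(to, amount, nonce))
        if nonce != self.next_nonce or not hmac.compare_digest(sig, expected):
            return False
        self.next_nonce += 1  # consume the nonce: the same signature now fails
        return True

def replay_outcomes() -> dict:
    weak_a, weak_b = WeakVerifier(), WeakVerifier()
    weak_sig = sign(encode("0xBob", 100))
    a = BoundVerifier(1, "0xContractA")      # constructed chain ID and addresses
    fork = BoundVerifier(61, "0xContractA")  # same contract address on a fork
    other = BoundVerifier(1, "0xContractB")  # different contract, same signer key
    sig = sign(a.payload("0xBob", 100, 0))
    return {
        "weak_first": weak_a.execute("0xBob", 100, weak_sig),
        "weak_same_again": weak_a.execute("0xBob", 100, weak_sig),
        "weak_other_contract": weak_b.execute("0xBob", 100, weak_sig),
        "bound_first": a.execute("0xBob", 100, 0, sig),
        "bound_same_again": a.execute("0xBob", 100, 0, sig),
        "bound_fork": fork.execute("0xBob", 100, 0, sig),
        "bound_other_contract": other.execute("0xBob", 100, 0, sig),
    }
```

`replay_outcomes()` shows the weak verifier accepting the same signature every time, while the bound verifier accepts it once and rejects it on the fork, at the other contract, and on reuse.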