Caller.callSigned operates using an EIP-712 signature which verifies the signed data to be used in a call on behalf of the signer. The problem with this method lies in the fact that it doesn't specify the chain ID, and thus if the contract is ever deployed to multiple chains, it will be possible to replay a signature on a different chain.
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Caller.sol#L164
Vulnerability details
Caller.callSigned
operates using an EIP-712 signature which verifies the signed data to be used in a call on behalf of the signer. The problem with this method lies in the fact that it doesn't specify the chain ID, and thus if the contract is ever deployed to multiple chains, it will be possible to replay a signature on a different chain.