Fixup Natspec (#966)

Some more natspec fixes that I found when doing the audit review.

Author: nlordell

certora/applyHarness.patch

@@ -1,14 +1,14 @@
 diff -druN Safe.sol Safe.sol
---- Safe.sol	2025-07-09 12:21:55.831312348 +0000
-+++ Safe.sol	2025-07-09 12:45:47.086078483 +0000
+--- Safe.sol	2025-07-10 09:31:37.930159103 +0000
++++ Safe.sol	2025-07-10 09:52:54.506909237 +0000
 @@ -97,22 +97,25 @@
      constructor() {
          // By setting the threshold it is not possible to call setup anymore, so we create a Safe with 0 owners and threshold 1.
          // This is an unusable Safe, perfect for the singleton
 -        threshold = 1;
 +        // threshold = 1; MUNGED: remove and add to constructor of the harness
      }
-
+ 
      /**
       * @inheritdoc ISafe
       */
@@ -31,17 +31,17 @@ diff -druN Safe.sol Safe.sol
          // Emit the setup event optimistically. This ensures that changes such as `addOwner` and `changeThreshold` that are part
          // of the  `to.delegatecall(data)` that happen in the `setupModules` call emit events in order relative to the setup
          // event, making it easier for off-chain indexers to reliably reconstruct the Safe configuration.
-@@ -416,9 +418,6 @@
-         return keccak256(abi.encode(DOMAIN_SEPARATOR_TYPEHASH, chainId, this));
+@@ -428,9 +431,6 @@
+         /* solhint-enable no-inline-assembly */
      }
-
+ 
 -    /**
 -     * @inheritdoc ISafe
 -     */
      function getTransactionHash(
          address to,
          uint256 value,
-@@ -430,7 +429,9 @@
+@@ -442,7 +442,9 @@
          address gasToken,
          address refundReceiver,
          uint256 _nonce
@@ -50,9 +50,9 @@ diff -druN Safe.sol Safe.sol
 +        // MUNGED: The function was made internal to enable CVL summaries.
 +
          bytes32 domainHash = domainSeparator();
-
+ 
          // We opted for using assembly code here, because the way Solidity compiler we use (0.7.6) allocates memory is
-@@ -486,7 +487,8 @@
+@@ -498,7 +500,8 @@
              // Store the domain separator.
              mstore(add(ptr, 32), domainHash)
              // Calculate the hash.
@@ -63,8 +63,8 @@ diff -druN Safe.sol Safe.sol
          /* solhint-enable no-inline-assembly */
      }
 diff -druN base/Executor.sol base/Executor.sol
---- base/Executor.sol	2025-04-16 10:56:42.055440517 +0200
-+++ base/Executor.sol	2025-04-16 13:11:00.387097140 +0200
+--- base/Executor.sol	2025-07-10 09:25:20.305689268 +0000
++++ base/Executor.sol	2025-07-10 09:52:54.507466555 +0000
 @@ -27,12 +27,8 @@
          uint256 txGas
      ) internal returns (bool success) {
@@ -81,44 +81,44 @@ diff -druN base/Executor.sol base/Executor.sol
              /* solhint-disable no-inline-assembly */
              /// @solidity memory-safe-assembly
 diff -druN base/FallbackManager.sol base/FallbackManager.sol
---- base/FallbackManager.sol	2025-04-16 10:56:42.056440525 +0200
-+++ base/FallbackManager.sol	2025-04-16 13:11:04.608469287 +0200
-@@ -68,2 +68,2 @@
+--- base/FallbackManager.sol	2025-07-10 09:32:30.275228552 +0000
++++ base/FallbackManager.sol	2025-07-10 09:57:32.580263318 +0000
+@@ -61,7 +61,8 @@
              // at memory offset 0x40 intact, not going beyond the scratch space, etc).
              // See: <https://docs.soliditylang.org/en/latest/assembly.html#memory-safety>
-
+ 
 -            let handler := sload(FALLBACK_HANDLER_STORAGE_SLOT)
 +            // let handler := sload(FALLBACK_HANDLER_STORAGE_SLOT)
 +            let handler := and(0xffffffffffffffffffffffffffffffffffffffff, sload(FALLBACK_HANDLER_STORAGE_SLOT))
-
+ 
              if iszero(handler) {
                  return(0, 0)
 diff -druN interfaces/ISafe.sol interfaces/ISafe.sol
---- interfaces/ISafe.sol	2025-04-16 10:56:42.087440777 +0200
-+++ interfaces/ISafe.sol	2025-04-16 13:11:08.572549089 +0200
-@@ -145,7 +145,7 @@
+--- interfaces/ISafe.sol	2025-07-10 09:46:05.750311622 +0000
++++ interfaces/ISafe.sol	2025-07-10 11:11:58.751118272 +0000
+@@ -149,7 +149,7 @@
       */
      function domainSeparator() external view returns (bytes32);
-
+ 
 -    /**
 +    /*
       * @notice Returns transaction hash to be signed by owners.
-      * @param to Destination address.
-      * @param value Ether value.
-@@ -158,7 +158,6 @@
-      * @param refundReceiver Address of receiver of gas payment (or 0 if tx.origin).
-      * @param _nonce Transaction nonce.
-      * @return Transaction hash.
+      * @param to Destination address of Safe transaction.
+      * @param value Native token value of the Safe transaction.
+@@ -162,7 +162,6 @@
+      * @param refundReceiver Address of receiver of the gas payment (or 0 for `tx.origin`).
+      * @param _nonce Safe transaction nonce.
+      * @return Safe transaction hash.
 -     */
      function getTransactionHash(
          address to,
          uint256 value,
-@@ -171,3 +170,5 @@
+@@ -175,6 +174,8 @@
          address refundReceiver,
          uint256 _nonce
      ) external view returns (bytes32);
 +     */
 +    // MUNGED: The function was made internal to enable CVL summaries.
-
+ 
      /**
       * @notice Returns a descriptive version of the Safe contract.

contracts/base/ModuleManager.sol

@@ -58,9 +58,9 @@ abstract contract BaseModuleGuard is IModuleGuard {
  * @title Module Manager
  * @notice A contract managing Safe modules.
  * @dev Modules are extensions with unlimited access to a Safe that can be added to a Safe by its owners.
-        ⚠️⚠️⚠️ WARNING: Modules are a security risk since they can execute arbitrary transactions,
-        so only trusted and audited modules should be added to a Safe. A malicious module can
-        completely take over a Safe. ⚠️⚠️⚠️
+ *      ⚠️⚠️⚠️ WARNING: Modules are a security risk since they can execute arbitrary transactions,
+ *      so only trusted and audited modules should be added to a Safe. A malicious module can
+ *      completely take over a Safe. ⚠️⚠️⚠️
  * @author Stefan George - @Georgi87
  * @author Richard Meissner - @rmeissner
  */

contracts/interfaces/IModuleManager.sol

@@ -6,9 +6,9 @@ import {Enum} from "../libraries/Enum.sol";
  * @title Module Manager Interface
  * @notice Interface for managing Safe modules.
  * @dev Modules are extensions with unlimited access to a Safe that can be added to a Safe by its owners.
-        ⚠️⚠️⚠️ WARNING: Modules are a security risk since they can execute arbitrary transactions,
-        so only trusted and audited modules should be added to a Safe. A malicious module can
-        completely takeover a Safe. ⚠️⚠️⚠️
+ *      ⚠️⚠️⚠️ WARNING: Modules are a security risk since they can execute arbitrary transactions,
+ *      so only trusted and audited modules should be added to a Safe. A malicious module can
+ *      completely takeover a Safe. ⚠️⚠️⚠️
  * @author @safe-global/safe-protocol
  */
 interface IModuleManager {

contracts/interfaces/ISafe.sol

@@ -151,17 +151,17 @@ interface ISafe is INativeCurrencyPaymentFallback, IModuleManager, IGuardManager
 
     /**
      * @notice Returns transaction hash to be signed by owners.
-     * @param to Destination address.
-     * @param value Ether value.
-     * @param data Data payload.
-     * @param operation Operation type.
-     * @param safeTxGas Gas that should be used for the safe transaction.
-     * @param baseGas Gas costs for data used to trigger the safe transaction.
-     * @param gasPrice Maximum gas price that should be used for this transaction.
-     * @param gasToken Token address (or 0 if ETH) that is used for the payment.
-     * @param refundReceiver Address of receiver of gas payment (or 0 if tx.origin).
-     * @param _nonce Transaction nonce.
-     * @return Transaction hash.
+     * @param to Destination address of Safe transaction.
+     * @param value Native token value of the Safe transaction.
+     * @param data Data payload of the Safe transaction.
+     * @param operation Operation type of the Safe transaction: 0 for `CALL` and 1 for `DELEGATECALL`.
+     * @param safeTxGas Gas that should be used for the Safe transaction.
+     * @param baseGas Base gas costs that are independent of the transaction execution (e.g. base transaction fee, signature check, payment of the refund).
+     * @param gasPrice Gas price that should be used for the payment calculation.
+     * @param gasToken Token address (or 0 for the native token) that is used for the payment.
+     * @param refundReceiver Address of receiver of the gas payment (or 0 for `tx.origin`).
+     * @param _nonce Safe transaction nonce.
+     * @return Safe transaction hash.
      */
     function getTransactionHash(
         address to,