diff --git a/contracts/common/ContextMixin.sol b/contracts/common/ContextMixin.sol
index e544486d..13c8ff95 100644
--- a/contracts/common/ContextMixin.sol
+++ b/contracts/common/ContextMixin.sol
@@ -1,5 +1,13 @@
 pragma solidity 0.6.6;
 
+/**
+ * @notice DISCLAIMER:
+ * Do not use NativeMetaTransaction and ContextMixin together with OpenZeppelin's "multicall"
+ * nor any other form of self delegatecall!
+ * Risk of address spoofing attacks.
+ * Read more: https://blog.openzeppelin.com/arbitrary-address-spoofing-vulnerability-erc2771context-multicall-public-disclosure
+ */
+
 abstract contract ContextMixin {
 function msgSender()
 internal
diff --git a/contracts/common/NativeMetaTransaction.sol b/contracts/common/NativeMetaTransaction.sol
index ccde1fb5..0b93f68a 100644
--- a/contracts/common/NativeMetaTransaction.sol
+++ b/contracts/common/NativeMetaTransaction.sol
@@ -1,5 +1,13 @@
 pragma solidity 0.6.6;
 
+/**
+ * @notice DISCLAIMER:
+ * Do not use NativeMetaTransaction and ContextMixin together with OpenZeppelin's "multicall"
+ * nor any other form of self delegatecall!
+ * Risk of address spoofing attacks.
+ * Read more: https://blog.openzeppelin.com/arbitrary-address-spoofing-vulnerability-erc2771context-multicall-public-disclosure
+ */
+
 import {SafeMath} from "@openzeppelin/contracts/math/SafeMath.sol";
 import {EIP712Base} from "./EIP712Base.sol";
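Review bot: The disclaimer added above `abstract contract ContextMixin` is advisory only and sits at contract level, so a reader who jumps straight to `msgSender()` will not see it, and nothing in the new lines enforces the restriction. Consider repeating a short pointer on the function itself, for example `/// @dev Not safe in contracts that can delegatecall themselves (e.g. multicall); see the contract-level disclaimer.` It would also help if the disclaimer told integrators what to audit for, namely any inherited or local function that performs `address(this).delegatecall(...)`. The body of `msgSender()` continues outside this hunk, so how it derives the sender cannot be confirmed from here.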
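Review bot: In NativeMetaTransaction.sol the `/** ... @notice ... */` block is placed above the `import` lines rather than directly above the contract declaration, so it will probably not be attached to the contract as NatSpec and would then be missing from generated user documentation. Moving the block to directly above the `contract` declaration (which lies outside this hunk) would keep the warning in the docs that integrators actually read. If a file-level banner is what is intended, a plain `//` or `/* */` comment makes that explicit. The text is a verbatim copy of the one in ContextMixin.sol, so the two will need to be kept in sync by hand.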