To prevent a replay attack, you should use the nonce in the signed data. The user should sign the data along with a unique nonce value each time. Also, the nonce should be stored on-chain, to show that the user has previously sent the signature with that nonce:

    mapping (address => mapping(uint => bool)) nonceUsedMap;    function submitRequest(        address _signer,        address _target,        uint _param1,        uint _param2,        uint _nonce,        bytes memory _signature    )    public onlyAuthorized {        bytes memory input = abi.encode(_target, _param1, _param2, _nonce);        bytes32 inputHash = keccak256(abi.encodePacked(input));        inputHash = inputHash.toEthSignedMessageHash();        address recoveredAddress = inputHash.recover(_signature);        require(recoveredAddress ...