code-423n4 / 2021-10-covalent-findings


Validators can only be added but not removed #77

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

pants

Vulnerability details

The contract only allows validators to be added but doesn't allow them to be removed. The addValidator function adds them and there is no function to remove a Validator. This is an ability the owner should have.

A similar issue is here: https://github.com/code-423n4/2021-06-gro-findings/issues/51

kitti-katy commented 3 years ago

Disabling a validator is its "removal". We do not want to get rid of the instance completely since there will still be stakings that people would need to unstake and redeem the rewards.

GalloDaSballo commented 3 years ago

Agree with the sponsor: the validator is either valid or disabled, and you do want to preserve that history for claiming + deactivating accounts.
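
The disable-instead-of-delete pattern discussed in this thread, as an added sketch that is not the audited contract's code: a disabled validator rejects new stakes, but its record stays in storage so existing delegators can still withdraw. Every name other than `addValidator` (`ValidatorRegistry`, `disableValidator`, `stake`, `unstake`, `stakeOf`) is hypothetical, and reward redemption is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch only: names and storage layout are assumptions.
contract ValidatorRegistry {
    struct Validator {
        address operator;
        bool disabled;                       // soft "removal" flag
        mapping(address => uint256) stakes;  // delegator => staked amount
    }

    address public owner;
    Validator[] private validators;          // records are never deleted

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function addValidator(address operator) external onlyOwner returns (uint256 id) {
        id = validators.length;
        validators.push().operator = operator;
    }

    // Blocks new stakes; existing stake records remain in storage.
    function disableValidator(uint256 id) external onlyOwner {
        validators[id].disabled = true;
    }

    function stake(uint256 id) external payable {
        Validator storage v = validators[id];
        require(!v.disabled, "validator disabled");
        v.stakes[msg.sender] += msg.value;
    }

    // Deliberately has no `disabled` check: delegators can always exit.
    function unstake(uint256 id, uint256 amount) external {
        Validator storage v = validators[id];
        require(v.stakes[msg.sender] >= amount, "insufficient stake");
        v.stakes[msg.sender] -= amount;      // update state before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function stakeOf(uint256 id, address who) external view returns (uint256) {
        return validators[id].stakes[who];
    }
}
```

Deleting the array element instead of setting the flag would shift or zero the `stakes` mapping's parent slot, which is the loss of history the sponsor and judge want to avoid.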