Lines of code
https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/base/LensProfiles.sol#L63-L74
Vulnerability details
Impact
An attacker who controls a wallet's private key (a compromised key, or a signer tricked into sending the transaction) could call DANGER__disableTokenGuardian for that wallet, disable the guardian immediately, and then transfer the wallet's tokens or set malicious approvals. Since the function acts on msg.sender, a third party cannot disable another wallet's guardian; the risk is that the protection is removed in exactly the stolen-key scenario it exists to mitigate.
Proof of Concept
The DANGER__disableTokenGuardian function is risky and should be reconsidered. The main issue is that it lets any wallet owner permanently disable the token guardian for their own address (msg.sender) with a single call. The token guardian is an important security feature: it blocks transfers and approvals of a wallet's profile tokens so that a malicious actor cannot drain profiles via flash loans or a compromised private key.

Once disabled, there is no timelock before the change takes effect and no way to re-enable it. A user could disable it by accident, without understanding the implications, and remain exposed indefinitely; an attacker holding the key can disable it and drain the wallet in the same transaction, with no window in which the legitimate owner could notice and react.
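The following is an added example (not the Lens contracts and not part of the original finding) contrasting the immediate-disable shape described above with a guardian whose disable is scheduled, takes effect only after a cooldown, and can be cancelled. The contract name, the 7-day TOKEN_GUARDIAN_COOLDOWN value, the enableTokenGuardian name, and the event and error names are assumptions for illustration; the token bookkeeping is a minimal owner/approval mapping rather than a full ERC-721.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical guardian illustration (added example, not the Lens code).
contract GuardedTokenExample {
    /// Assumed cooldown; the real value is a design choice.
    uint256 public constant TOKEN_GUARDIAN_COOLDOWN = 7 days;

    /// 0 => guardian fully enabled; otherwise the timestamp at which a
    /// scheduled disable becomes effective.
    mapping(address => uint256) private _tokenGuardianDisablingTimestamp;
    mapping(uint256 => address) private _ownerOf;
    mapping(uint256 => address) private _approved;

    event TokenGuardianStateChanged(address indexed wallet, bool enabled, uint256 effectiveAt);

    error NotEOA();
    error DisablingAlreadyTriggered();
    error AlreadyEnabled();
    error GuardianEnabled();
    error NotOwnerOrApproved();
    error AlreadyMinted();

    /// The guardian protects externally owned accounts only; contract wallets
    /// are assumed to bring their own access control. tx.origin is used here
    /// purely as an EOA check, never as authorization.
    modifier onlyEOA() {
        if (msg.sender != tx.origin) revert NotEOA();
        _;
    }

    /// Active while nothing is scheduled or the cooldown has not elapsed.
    function hasTokenGuardianEnabled(address wallet) public view returns (bool) {
        uint256 effectiveAt = _tokenGuardianDisablingTimestamp[wallet];
        return effectiveAt == 0 || block.timestamp < effectiveAt;
    }

    /// Shape the finding objects to (shown for contrast only):
    ///   function DANGER__disableTokenGuardian() external onlyEOA {
    ///       _guardianDisabled[msg.sender] = true;   // immediate, irreversible
    ///   }
    /// A caller holding a leaked key could disable and drain in one block.

    /// Hardened shape: the call only schedules the disable. The legitimate
    /// owner still holds the key and has the whole cooldown to notice the
    /// emitted event and cancel with enableTokenGuardian().
    function DANGER__disableTokenGuardian() external onlyEOA {
        if (_tokenGuardianDisablingTimestamp[msg.sender] != 0) revert DisablingAlreadyTriggered();
        uint256 effectiveAt = block.timestamp + TOKEN_GUARDIAN_COOLDOWN;
        _tokenGuardianDisablingTimestamp[msg.sender] = effectiveAt;
        emit TokenGuardianStateChanged(msg.sender, false, effectiveAt);
    }

    /// Cancels a pending disable, or re-arms the guardian after it took effect.
    function enableTokenGuardian() external onlyEOA {
        if (_tokenGuardianDisablingTimestamp[msg.sender] == 0) revert AlreadyEnabled();
        _tokenGuardianDisablingTimestamp[msg.sender] = 0;
        emit TokenGuardianStateChanged(msg.sender, true, block.timestamp);
    }

    function mint(uint256 tokenId) external {
        if (_ownerOf[tokenId] != address(0)) revert AlreadyMinted();
        _ownerOf[tokenId] = msg.sender;
    }

    function ownerOf(uint256 tokenId) external view returns (address) {
        return _ownerOf[tokenId];
    }

    /// Approvals from a guarded EOA are refused outright, so a flash-loan or
    /// stolen-key attacker cannot set one up within the same transaction.
    function approve(address to, uint256 tokenId) external {
        address owner = _ownerOf[tokenId];
        if (owner != msg.sender) revert NotOwnerOrApproved();
        if (owner.code.length == 0 && hasTokenGuardianEnabled(owner)) revert GuardianEnabled();
        _approved[tokenId] = to;
    }

    /// Transfers out of a guarded EOA are refused the same way.
    function transferFrom(address from, address to, uint256 tokenId) external {
        address owner = _ownerOf[tokenId];
        if (owner != from) revert NotOwnerOrApproved();
        if (msg.sender != owner && _approved[tokenId] != msg.sender) revert NotOwnerOrApproved();
        if (from.code.length == 0 && hasTokenGuardianEnabled(from)) revert GuardianEnabled();
        delete _approved[tokenId];
        _ownerOf[tokenId] = to;
    }
}
```

The design point is that the disable call never changes what a transfer or approval sees in the block it is mined in: the attacker's own transaction still hits GuardianEnabled, and the only way past it is to wait out a cooldown during which the real owner can call enableTokenGuardian and move the tokens to a fresh key.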
Tools Used
Manual review
Recommended Mitigation Steps
DANGER__disableTokenGuardian should be removed or rewritten to:
Assessed type
Other