Any added module can disable the `PalmeraGuard` and `PalmeraModule`

[hats-bug-reporter[bot]]

Github username: -- Twitter username: @EgisSec Submission hash (on-chain): 0x0c1e068f749c94461255b74099f55176124aba9661186d80a5956c54273dcf1a Severity: high

Description: Description\ The idea behind the PalmeraGuard is that once it's added it cannot be removed.

checkAfterExecution checks for this specific case.

The problem is that checkAfterExecution is only called when a tx is executed through the Safe's execTransaction, not when it's called through execTransactionFromModule.

So if there is an external module in an enabled Safe, that module can call setGuard on the Safe and change the guard or disable it completely.

Attack Scenario\

Attachments

1. Proof of Concept (PoC) File

2. Revised Code File (Optional) Use a 1.5.0 Gnosis Safe, which also has a Module Guard, so you can defend against these sort of attacks.

[alfredolopez80]

Non- issue, i guess mixed two context totally different, any option to enable module or set Guard you need to handle directly from your own safe, not into the Palmera Module or Palmera Guard, if you need to set Guard or unset the Guard is totally possible if you follow the correct steps, and have the autority into the OnChain Organization, any additional info you can check this Unit-Test in Foundry where we test different scenarios around this point:

https://github.com/hats-finance/Palmera-0x5fee7541ddcd51ba9f4af606f87b2c42eea655be/blob/main/test/PalmeraGuardTest.t.sol

PD: version 1.4.1 is real. and beyond that it have more controls about it