Profile Guardian
Learn how Profile Guardian works and how to use it.
Introduced by LIP-4, the Profile Guardian is a security feature that bolsters the safety of Lens profiles. It safeguards against involuntary transfers of Profile NFTs by mandating a 7-day cooldown period. This period must pass before a transfer can be executed, similar to the waiting period for Apple ID account recovery.
During this period, users can receive notifications from apps, which allows them to intervene if they did not initiate the Cooldown Period. Enabled by default, this feature provides an additional layer of protection for users' Profile NFTs, thereby minimizing the risk of phishing and unauthorized profile takeovers.
Disable Profile Guardian
To approve or transfer a Lens Profile NFT, the user must explicitly disable the safety layer by executing the DANGER__disableTokenGuardian method. This initiates a 7-day Security Cooldown Period, after which the Profile Guardian is effectively disabled.
Once the Profile Guardian is disabled, the user can transfer ANY Profile NFT owned by the given address without restrictions.
The DANGER prefix was specifically chosen to highlight the significance of this method and to minimize the risk of unintentional execution.
Enable Profile Guardian
The Profile Guardian is enabled by default for all Lens Profiles.
If a user has previously disabled the Profile Guardian, they can re-enable it by executing the enableTokenGuardian method. The Profile Guardian will be effective immediately after the transaction is confirmed.
Check Profile Guardian Status
You can check the status of your profile's Guardian by including the guardian fragment in the profile query. This will only return results if you are authenticated with the API using the same profile for which you are requesting the Guardian status. This information is also available in all Profile data returned when using the SDKs.
That's it—you've just learned how to use the Profile Guardian feature to protect your Lens Profile NFTs.