I own a handy asus x00p with android 8 that fits my hand (released in 2018). I have a newer android 11 device (released in 2020) but it’s larger and heavier and I don’t really like using it.
What are the security risks, if I go ahead using the 2018 model to 2fauthenticate?
You are basically fine, especially if the phone is offline as another poster says, and if you don’t have too much potential malware installed. For really high end authentication you wouldn’t want to use a phone in the first place.
Another issue is that if you’re using a phone 2fa app to authenticate a browser on the same phone that has a password manager, that is not really 2fa. You want the second factor to be on a separate device.