Front Run of addBlackList() function in ERC20Token.sol contract
Summary
Front Run of addBlackList() function in ERC20Token.sol contract.
Vulnerability Detail
Front running can be done either by sending a tx with a higher gas price (usually tx are ordered in a block by the gas price / total fee), or by paying an additional fee to the validator if they manage to run their tx without reverting (i.e. by sending additional ETH to block.coinbase, hoping validator will notice it).
Impact
Malicious user could listen the mempool in order to check if he sees a tx of blacklisting for his address , if it happens he could front run this tx by sending a tx with higher gas fee to transfer his funds to prevent them to shouldn't call transferFrom() and transfer() function.
radev_sw
medium
Front Run of addBlackList() function in ERC20Token.sol contract
Summary
Front Run of
addBlackList()
function inERC20Token.sol
contract.Vulnerability Detail
Front running can be done either by sending a tx with a higher gas price (usually tx are ordered in a block by the gas price / total fee), or by paying an additional fee to the validator if they manage to run their tx without reverting (i.e. by sending additional ETH to block.coinbase, hoping validator will notice it).
Impact
Malicious user could listen the mempool in order to check if he sees a tx of blacklisting for his address , if it happens he could front run this tx by sending a tx with higher gas fee to transfer his funds to prevent them to shouldn't call transferFrom() and transfer() function.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/ERC20Token.sol#L259-L263
Tool used
Manual Review
Recommendation
Can use some sort of delay mechanism for transfers functions to prevent user from transferring their funds if blacklisted.