It's possible to prevent funds from being locked by the blacklist
Vulnerability Detail
Malicious users that should be blacklisted can run a script to monitor the mempool and listen for a transaction that calls addBlackList() for their addresses, and front run the transaction that calls addBlackList() with a higher gas fee to transfer their tokens away before they are added to the blacklist, effectively preventing their funds from being locked
Impact
Malicious users that should be blacklisted can prevent their funds to be locked
Kaiziron
medium
Front-running of addBlackList() function
Summary
It's possible to prevent funds from being locked by the blacklist
Vulnerability Detail
Malicious users that should be blacklisted can run a script to monitor the mempool and listen for a transaction that calls addBlackList() for their addresses, and front run the transaction that calls addBlackList() with a higher gas fee to transfer their tokens away before they are added to the blacklist, effectively preventing their funds from being locked
Impact
Malicious users that should be blacklisted can prevent their funds to be locked
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/ERC20Token.sol#L259-L263
Tool used
Manual Review
Recommendation
Use a private mempool when adding malicious users to the blacklist with addBlackList()