a malicious user can front-run of addBlackList() function
Summary
a malicious user can front-run of addBlackList() function
Vulnerability Detail
In this case, Front-running occurs when a malicious user transfers his funds before getting blacklisted. The attacker submits a transaction with a higher gas fee, aiming to execute it before a get blacklisted.
Impact
Attacker listens to the mempool for knowing when his address gets blacklisted, when sees a transaction for blacklisting his address, transfers all funds to another address to prevent locking funds.
Code Snippet
function addBlackList(address evilUser) public onlyGuardian {
require(evilUser != address(0), "Invalid address");
isBlackListed[evilUser] = true;
emit AddedBlackList(evilUser);
}
Avci
medium
a malicious user can front-run of addBlackList() function
Summary
a malicious user can front-run of addBlackList() function
Vulnerability Detail
In this case, Front-running occurs when a malicious user transfers his funds before getting blacklisted. The attacker submits a transaction with a higher gas fee, aiming to execute it before a get blacklisted.
Impact
Attacker listens to the mempool for knowing when his address gets blacklisted, when sees a transaction for blacklisting his address, transfers all funds to another address to prevent locking funds.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol-0xdanial/blob/d59a82993940aa3ef72593a75925d8600eb3514b/Unitas-Protocol/src/ERC20Token.sol#L259-L263
Tool used
Manual Review
Recommendation
consider preventing this bug with implementing logic for function in a way that it makes non-profit to the user from doing so...