Exactly my point proof of work can not be Sybil attacked, and under Bitcoin Unlimited the blocksize limit is determined by the economic majority through proof of work. Not the nodes like you claim, therefore BU is not vulnerable to such an attack vector.
BU nodes do not accept the longest chain if it disagrees with their idea of validity (e.g. block size), until that longest chain is a sufficient number of blocks ahead. This creates forks that will persist for up to an hour or even longer, and can be used for attacks. Many merchant systems currently use 1-3 confirms on Bitcoin and will either have to change that to a higher number or be easily attacked.