I’m currently a second-year Ph.D. student at the School of Software Engineering, Sun Yat-sen University.
I am under the supervision of Prof. Zibin Zheng (郑子彬) and Dr. Jiachi Chen (陈嘉弛) at InPlusLab since Aug. 2021.
My research interests include software security and empirical study (especially for smart contracts), static analysis, and LLM. I have published 5 papers at the top (CCF-A) international Software Engineering/Security conferences/journals such as ICSE, ISSTA, TOSEM, TIFS.
🔥 News
- 🌟 Smart contract audit and transaction trace platform XBlock Web3 Product is online
- 2024.07: 🎉 One paper is accepted by ICSE 2025
- 2024.05: 🎉 One paper is accepted by TOSEM
- 2023.12: 🎉 One paper is accepted by TIFS
- 2023.10: 🎉 I win the President Scholarship for Doctoral Students of SYSU
- 2023.10: 🎉 One paper is accepted by ICSE 2024
- 2023.08: I join LightYear Security Lab, AntGroup as a research intern in Hangzhou, China
- 2023.04: 🎉 One paper is accepted by ISSTA 2023
👻 Confirmed Bugs/PoCs
- CVE-2024-44445 assigned, which is related to the contract state manipulation attack.
- PoCs of 10 uncovered attacks are found and confirmed by DeFiHackLabs
- 2 GPTs prompt-leak bugs are confirmed by corresponding developers, and 1 developer accepts our prompt protection suggestion.
- 2 confirmed issues in Uniswap V4 Periphery and Stop Loss Orders with Uniswap V4 Hooks Repos.
📝 Publications
Hyperion: Unveiling DApp Inconsistencies using LLM and Dataflow-Guided Symbolic Execution (Accepeted by ICSE 2025 Early Cycle!)
Shuo Yang, Xingwei Lin, Jiachi Chen, Qingyuan Zhong, Lei Xiao, Renke Huang, Yanlin Wang, Zibin Zheng
- Hyperion is the first work that unveils 7 types of inconsistencies between DApp frontend description and backend smart contracts
- Combined techniques with LLM and program analysis
- Contract IR-based symbolic execution guided by preliminary dataflow analysis
Shuo Yang, Jiachi Chen, Mingyuan Huang, Zibin Zheng, Yuan Huang
- BlockWatchdog is the first work to identify reentrancy attacker contracts based on static dataflow analysis
- We provide the rust implementation Lydia (>10% faster)
Definition and Detection of Defects in NFT Smart Contracts
Shuo Yang, Jiachi Chen, Zibin Zheng
- NFTGuard is the first work to define and detect the 5 defects in NFT smart contracts
-
FunFuzz: A Function-oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency, Mingxi Ye, Yuhong Nan, Hong-Ning Dai, Shuo Yang, Zibin Zheng, Xiapu Luo.
-
Towards Understanding Asset Flows in Crypto Money Laundering Through the Lenses of Ethereum Heist, Jiajing Wu, Dan Lin, Qishuang Fu, Shuo Yang, Ting Chen, Zibin Zheng, Bowen Song.
🎖 Honors and Awards
- 2023.10 President Scholarship for Doctoral Students
- 2023.09 1st prize of China Service Computing Innovation Contest
- 2023.04 8th Place at Numen Cyper CTF (Capture-The-Flag)
- 2021.06 3rd Prize of Competition of Service Outsourcing and Entrepreneurship Innovation
- 2021.05 3rd Prize of Chinese Undergraduate Internet Software Design Competition
- 2020.06 3rd Prize of Competition of Service Outsourcing and Entrepreneurship Innovation
- 2019.08 2nd Prize of Chinese Undergraduate Computer Design Contest
📖 Educations
- 2022.09 - now, Phd, Sun Yat-sen University, Zhuhai.
- 2018.09 - 2022.06, Undergraduate, Zhongnan University of Economics and Law, Wuhan.
- 2015.09 - 2018.06, Hubei Wuchang Experimental High School, Wuhan.
💬 Invited Talks
- 2024.08, ICSE’25 accepted papers symposium held by CCF Software Engineering Committee, Virtual
- 2024.04, ICSE 2024 oral presentation, Lisbon, Portugal
- 2024.02, ICSE’24 accepted papers symposium held by CCF Software Engineering Committee, Virtual
- 2023.07, ISSTA 2023 oral presentation, Seattle, USA
💻 Internships
- 2023.08 - 2024.01, LightYear Security Lab, AntGroup, Hangzhou.
- 2021.10 - 2022.01, R&D of blockchain underlying platform, Webank, Shenzhen.
- 2021.07 - 2021.08, YGSoft, Wuhan.
🔧 Skills
- English: IELTS 7.0, GRE 321+4.0, CET6 566, CET4 626
- Programming Language: Python, Java, Solidity, Rust, C/C++, JavaScript