I am a 4th-year Ph.D. candidate at the School of Software Engineering, Sun Yat-sen University, supervised by Prof. Zibin Zheng (郑子彬) and Assoc. Prof. Jiachi Chen (陈嘉弛) at InPlusLab since Sep. 2022.

My research sits at program analysis, AI for software security, and Web3 security, with a particular focus on uncovering vulnerabilities in smart contracts and blockchain clients. I also work on AI security and adversarial risks in LLM-powered systems.

I have published 8 papers at top-tier (CCF-A) venues in Software Engineering and Security, including ICSE, ISSTA, Usenix Security, TOSEM, TSE, and TIFS.

Beyond academia, I actively hunt real-world bugs and wirte PoCs. I maintain @Defi_Nerd_sec on X/Twitter and develop DarkNavySecurity/web3-skills .

🔥 News

• 2026.01:  🎉 One paper is accepted by Usenix Security 2026. Congrats to Mingyuan!
• 2025.08:  🎉 One paper is accepted by TSE.
• 2025.07: I join DarkNavy as a research intern in Shanghai, China.
• 2025.03:  🎉 One paper is accepted by TSE. Congrats to Zhenzhe!
• 2024.11:  🎉 I win the National Scholarship for Doctoral Students.

👻 Confirmed Bugs & PoCs

• ImmuneFi Web3 Bug Bounty: $22,000 in rewards.
• PoCs of 10 previously uncovered attacks confirmed by DeFiHackLabs.
• 2 GPT prompt-leak bugs confirmed by developers; one developer adopted our prompt protection recommendation.
• Confirmed issues in Uniswap V4 Periphery and Stop Loss Orders with Uniswap V4 Hooks.

📝 Publications

2026

• Revealing the Dark Side of Smart Accounts: An Empirical Study of EIP-7702 Incurred Risks in Blockchain Ecosystem
  Mingyuan Huang, Han Liu, Shuo Yang, Daoyuan Wu, Shuai Wang.

2025

• Who is Pulling the Strings: Unveiling Smart Contract State Manipulation Attacks through State-Aware Dataflow Analysis
  Shuo Yang, Jiachi Chen, Lei Xiao, Jinyuan Hu, Dan Lin, Jiajing Wu, Tao Zhang, Zibin Zheng [Code]

• NumScout: Unveiling Numerical Defects in Smart Contracts using LLM-Pruning Symbolic Execution
  Jiachi Chen, Zhenzhe Shao, Shuo Yang, Yiming Shen, Yanlin Wang, Ting Chen, Zhenyu Shan, Zibin Zheng.

• Hyperion: Unveiling DApp Inconsistencies using LLM and Dataflow-Guided Symbolic Execution
  Shuo Yang, Xingwei Lin, Jiachi Chen, Qingyuan Zhong, Lei Xiao, Renke Huang, Yanlin Wang, Zibin Zheng [Code]

• WakeMint: Detecting Sleepminting Vulnerabilities in NFT Smart Contracts
  Lei Xiao, Shuo Yang*, Wen Chen, Zibin Zheng.

2024

• Uncover the Premeditated Attacks: Detecting Exploitable Reentrancy Vulnerabilities by Identifying Attacker Contracts
  Shuo Yang, Jiachi Chen, Mingyuan Huang, Zibin Zheng, Yuan Huang [Code]

• FunFuzz: A Function-oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency
  Mingxi Ye, Yuhong Nan, Hong-Ning Dai, Shuo Yang, Zibin Zheng, Xiapu Luo.

2023

• Towards Understanding Asset Flows in Crypto Money Laundering Through the Lenses of Ethereum Heist
  Jiajing Wu, Dan Lin, Qishuang Fu, Shuo Yang, Ting Chen, Zibin Zheng, Bowen Song.

• Definition and Detection of Defects in NFT Smart Contracts
  Shuo Yang, Jiachi Chen, Zibin Zheng [Code]

🎖 Honors and Awards

• 2024.11 National Scholarship for Doctoral Students (Ministry of Education, China)
• 2023.10 President Scholarship for Doctoral Students, Sun Yat-sen University
• 2023.09 1st Prize, China Service Computing Innovation Contest
• 2023.04 8th Place, Numen Cyber CTF
• 2021.06 3rd Prize, Competition of Service Outsourcing and Entrepreneurship Innovation
• 2021.05 3rd Prize, Chinese Undergraduate Internet Software Design Competition
• 2020.06 3rd Prize, Competition of Service Outsourcing and Entrepreneurship Innovation
• 2019.08 2nd Prize, Chinese Undergraduate Computer Design Contest

📖 Educations

• 2022.09 - present, Ph.D. in Software Engineering, Sun Yat-sen University, Zhuhai.
• 2018.09 - 2022.06, B.Eng., Zhongnan University of Economics and Law, Wuhan.

💬 Invited Talks

• 2025.05, ICSE 2025 oral presentation, Virtual
• 2024.08, ICSE’25 accepted papers symposium held by CCF Software Engineering Committee, Virtual
• 2024.04, ICSE 2024 oral presentation, Lisbon, Portugal
• 2024.02, ICSE’24 accepted papers symposium held by CCF Software Engineering Committee, Virtual
• 2023.07, ISSTA 2023 oral presentation, Seattle, USA

💻 Internships

• 2025.07 - now, DarkNavy, Shanghai, China.
• 2024.09 - 2024.12, GoPlus, Remote.
• 2023.08 - 2024.01, LightYear Security Lab, AntGroup, Hangzhou, China.
• 2021.10 - 2022.01, R&D of blockchain underlying platform, Webank, Shenzhen, China.
• 2021.07 - 2021.08, YGSoft, Wuhan, China.

✈️ Travels

- North America: 🇺🇸 - Europe: 🇫🇷 🇵🇹 🇲🇨 🇨🇭 - Asia: 🇯🇵 🇰🇷 🇸🇬 🇹🇭

🔧 Skills

• Languages: Python, Solidity, Rust, C/C++, Java, JavaScript, TypeScript
• English: IELTS 7.0 · GRE 321+4.0 · CET-6 566 · CET-4 626