I am a 4th-year Ph.D. candidate at the School of Software Engineering, Sun Yat-sen University, supervised by Prof. Zibin Zheng (郑子彬) and Assoc. Prof. Jiachi Chen (陈嘉弛) at InPlusLab since Sep. 2022.

📄 Download my CV (PDF)

My research sits at program analysis, AI for software security, and Web3 security, with a particular focus on uncovering vulnerabilities in smart contracts and blockchain clients. I also work on AI security and adversarial risks in LLM-powered systems.

I have published 8 papers at top-tier (CCF-A) venues in Software Engineering and Security, including ICSE, ISSTA, Usenix Security, TOSEM, TSE, and TIFS.

Beyond academia, I actively hunt real-world bugs and wirte PoCs. I maintain , and develop DarkNavySecurity/web3-skills .

🔥 News

• 2026.01:  🎉 One paper is accepted by Usenix Security 2026. Congrats to Mingyuan!
• 2025.08:  🎉 One paper is accepted by TSE.
• 2025.07: I join DarkNavy as a research intern in Shanghai, China.
• 2025.03:  🎉 One paper is accepted by TSE. Congrats to Zhenzhe!
• 2024.11:  🎉 I win the National Scholarship for Doctoral Students.

👻 Confirmed Bugs & PoCs

• ImmuneFi Web3 Bug Bounty: $22,000 in rewards.
• PoCs of 10 previously uncovered attacks confirmed by DeFiHackLabs.
• 2 GPTs prompt-leak bugs confirmed by developers; one developer adopted our prompt protection recommendation.
• Confirmed issues in Uniswap V4 Periphery and Stop Loss Orders with Uniswap V4 Hooks.

📝 Publications

2026

• Revealing the Dark Side of Smart Accounts: An Empirical Study of EIP-7702 Incurred Risks in Blockchain Ecosystem
  Mingyuan Huang, Han Liu, Shuo Yang, Daoyuan Wu, Shuai Wang.

2025

• Who is Pulling the Strings: Unveiling Smart Contract State Manipulation Attacks through State-Aware Dataflow Analysis
  Shuo Yang, Jiachi Chen, Lei Xiao, Jinyuan Hu, Dan Lin, Jiajing Wu, Tao Zhang, Zibin Zheng [Code]

• NumScout: Unveiling Numerical Defects in Smart Contracts using LLM-Pruning Symbolic Execution
  Jiachi Chen, Zhenzhe Shao, Shuo Yang, Yiming Shen, Yanlin Wang, Ting Chen, Zhenyu Shan, Zibin Zheng.

• Hyperion: Unveiling DApp Inconsistencies using LLM and Dataflow-Guided Symbolic Execution
  Shuo Yang, Xingwei Lin, Jiachi Chen, Qingyuan Zhong, Lei Xiao, Renke Huang, Yanlin Wang, Zibin Zheng [Code]

• WakeMint: Detecting Sleepminting Vulnerabilities in NFT Smart Contracts
  Lei Xiao, Shuo Yang*, Wen Chen, Zibin Zheng.

2024

• Uncover the Premeditated Attacks: Detecting Exploitable Reentrancy Vulnerabilities by Identifying Attacker Contracts
  Shuo Yang, Jiachi Chen, Mingyuan Huang, Zibin Zheng, Yuan Huang [Code]

• FunFuzz: A Function-oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency
  Mingxi Ye, Yuhong Nan, Hong-Ning Dai, Shuo Yang, Zibin Zheng, Xiapu Luo.

2023

• Towards Understanding Asset Flows in Crypto Money Laundering Through the Lenses of Ethereum Heist
  Jiajing Wu, Dan Lin, Qishuang Fu, Shuo Yang, Ting Chen, Zibin Zheng, Bowen Song.

• Definition and Detection of Defects in NFT Smart Contracts
  Shuo Yang, Jiachi Chen, Zibin Zheng [Code]

🎖 Honors and Awards

• 2024.11 National Scholarship for Doctoral Students (Ministry of Education, China)
• 2023.10 President Scholarship for Doctoral Students, Sun Yat-sen University
• 2023.09 1st Prize, China Service Computing Innovation Contest
• 2023.04 8th Place, Numen Cyber CTF
• 2021.06 3rd Prize, Competition of Service Outsourcing and Entrepreneurship Innovation
• 2021.05 3rd Prize, Chinese Undergraduate Internet Software Design Competition
• 2020.06 3rd Prize, Competition of Service Outsourcing and Entrepreneurship Innovation
• 2019.08 2nd Prize, Chinese Undergraduate Computer Design Contest

📖 Educations

• 2022.09 - present, Ph.D. in Software Engineering, Sun Yat-sen University, Zhuhai.
• 2018.09 - 2022.06, B.Eng., Zhongnan University of Economics and Law, Wuhan.

💬 Invited Talks

• 2025.05, ICSE 2025 oral presentation, Virtual
• 2024.08, ICSE’25 accepted papers symposium held by CCF Software Engineering Committee, Virtual
• 2024.04, ICSE 2024 oral presentation, Lisbon, Portugal
• 2024.02, ICSE’24 accepted papers symposium held by CCF Software Engineering Committee, Virtual
• 2023.07, ISSTA 2023 oral presentation, Seattle, USA

💻 Internships

• 2025.07 - now, DarkNavy, Shanghai, China.
• 2024.09 - 2024.12, GoPlus, Remote.
• 2023.08 - 2024.01, LightYear Security Lab, AntGroup, Hangzhou, China.
• 2021.10 - 2022.01, R&D of blockchain underlying platform, Webank, Shenzhen, China.
• 2021.07 - 2021.08, YGSoft, Wuhan, China.

✈️ Travels

- North America: 🇺🇸 - Europe: 🇫🇷 🇵🇹 🇲🇨 🇨🇭 - Asia: 🇯🇵 🇰🇷 🇸🇬 🇹🇭

🔧 Skills

• Languages: Python, Solidity, Rust, C/C++, Java, JavaScript, TypeScript
• English: IELTS 7.0 · GRE 321+4.0 · CET-6 566 · CET-4 626