Recruitement
We have Ph.D. opennings for self-motivated students [link].
Before sending an email, please think about why you're interested in doing a PhD in my group.
News
Aug 2025: Serve PC in CCS 26 and USENIX Security 26. Please submit your best work.
June 2025: Blockchain-security research is funded by Flashbots. Thank you, Flashbots!
June 2025: Research on blockchain-based data management accepted to TKDE. Congrats to our collaborators!
Apr. 2025: Survey on blockchain security research is accepted to the reputable “Foundations and Trends in Privacy and Security” journal: [pdf]. Congrats to collaborators!
March 2025: My Ph.D. student [Yibo Wang] is joining [EECS at Univ. of Wyoming] as a tenure-track Assistant Professor. Godspeed to Yibo!!
March 2025: My student Yibo receives All University Doctoral Prize from Syracuse University. Congrats to Yibo!
March 2025: My student Wanning will do internship at Chainlink. Congrats to Wanning!
March 2025: Serve PC in IEEE S&P 26, NDSS 26 and ACSAC 25. Please submit your best work.
Jan 2025: Joint work on blockchain wallet security accepted to WWW 25. Congrats to Sajad and Yue!
Dec 2024: My student Yibo will do his second internship at CertiK. Congrats to Yibo!
Oct 2024: Serve PC in CCS 25. Please submit your best work.
Sep 2024: Research on blockchain security is accepted to IEEE S&P 25. Congrats to Wanning and Yibo!
Aug 2024: Blockchain security research is funded by Ethereum Foundation. Thank you, EF! [award]
Aug 2024: My student Yibo receives USENIX Security’24 Travel grant. Congrats to Yibo!
July 2024: Serve PC in NDSS 25. Please submit your best work.
June 2024: Invited to talk about our blockchain research at NTU Blockhain Symposium in Singapore [website] [award].
June 2024: Invited to talk about our blockchain research at SBC 2024 in NYC [website].
May 2024: Serve PC in Euro S&P 25. Please submit your best work.
May 2024: Research on blockchain mempool fuzzing accepted to USENIX Security 24. Congrats to Yibo!
May 2024: Serve PC in IEEE S&P 25. Please submit your best work.
May 2024: Host an educational workshop for using our [BADD labs] in CS, FinTech courses: [workshop webpage]
March 2024: Research on Ethereum key leakage and misuse accepted to WWW 24 (short paper). Congrats to Yuxuan and Jiaqi!
Feb 2024: Serve PC in ACSAC 24. Please submit your best work.
Feb 2024: Serve PC in RAID 24. Please submit your best work [CFP].
Jan 2024: Joint work on upgradable smart contracts accepted to WWW 24. Congrats to Xiaofan and Jin!
[More news]
Research Interests
My research mission aims to understand, enable and verify the systems security of digital infrastructures used in high-impact or emerging application domains.
Toward the goal, I am interested in cybersecurity, systems, and interdisciplinary research in decentralized systems (like blockchains and smart contracts), open-source software ecosystems, and other emerging domains. My research often addresses technical challenges as follows:
Security analysis and vulnerability discovery: [USENIX Security 24], [CCS 21]
Provable security and economics of security: [IEEE S&P 25]
Security-oriented measurement and cyber-crimes: [Euro S&P 23], [IMC 21], [NDSS 21]
Perf. optimization & workload analysis: [TSE 23/FSE 21], [Middleware 20], [ICDE 19], [TPDS 13]
Secure data storage: [ACSAC 14], [EDBT 14], [ICDCS 08]
Data privacy: [TKDE 15], [ICDCS 14], [CIKM 11]
Security/systems education: [BADD labs], [FuSSIL labs]
My projects are generously supported by National Science Foundation, Ethereum Foundation, Intel, etc.
My research results in patches in popular open-source software, such as Ethereum Go client [Geth 1.11.4].
Recent Publications
Underline: students advised by me.
S&P'25: “Asymmetric Mempool DoS Security: Formal Definitions and Provable Secure Designs”, AR=14.2%, Wanning Ding, Yuzhe Tang, Yibo Wang. [pdf], [slides]
WWW'25: “SigScope: Detecting and Understanding Off-Chain Message Signing-related Vulnerabilities in Decentralized Applications”, AR=19.8%, Sajad Meisami, Hugo Dabadie, Song Li, Yuzhe Tang, Yue Duan. [pdf]
TKDE'25: “TELEX: Two-Level Learned Index for Rich Queries on Enclave-Based Blockchain Systems,” H. Wu, Yuzhe Tang, Z. Shen, J. Tao, C. Lin, Zhe Peng. In IEEE Transactions on Knowledge and Data Engineering [pdf]
TTPS'25: “Security Analysis and Formal Verification on Blockchain and Its Applications,” K. Li, R. Gu, J. Xu, Z. Chen, S. Wu, Y. Zhou, M. Zhang, X. Luo, Yuzhe Tang, Y. Li, X. Zhang, Yibo Wang, in Foundations and Trends in Privacy and Security [pdf]
USENIX Security'24: “Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing”, AR=14.5%, Yibo Wang, Yuzhe Tang, Kai Li, Wanning Ding, Zhihua Yang. [pdf], [slides] 
WWW'24: “Characterizing Ethereum Upgradable Smart Contracts and Their Security Implications”, AR=20.2%, Xiaofan Li, Jin Yang, Jiaqi Chen, Yuzhe Tang, Xing Gao. [preprint], [slides]
Euro S&P'23: “Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild”, AR=35.7%, Jiaqi Chen, Yibo Wang, Yuxuan Zhou, Wanning Ding , Yuzhe Tang, X. Wang, Kai Li. [preprint], [slides], [2-page slides]
CCS'21: “DETER: Denial of Ethereum Txpool sERvices”, AR=22%, Kai Li, Yibo Wang, Yuzhe Tang. [pdf], [slides], [talk], [poster], [Patch@Geth-1.11.4], [CVE-2022-23327], [CVE-2022-23328]
NDSS'21: “As Strong As Its Weakest Link: How to Break (and Fix) Blockchain DApps at RPC Service”, AR=15.2%, Kai Li, Jiaqi Chen, Xianghong Liu, Yuzhe Tang, X. Wang, X. Luo. [pdf], [slides], [demo1], [demo2]
IMC'21: “TopoShot: Uncovering Ethereum's Network Topology Leveraging Replacement Transactions”, AR=28%, Kai Li, Yuzhe Tang, Jiaqi Chen, Yibo Wang, Xianghong Liu. [pdf], [slides], [poster], [open dataset], [talk@IMC’21]
FSE'21: “iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations”, AR=24.5%, Yibo Wang, Qi Zhang, Kai Li, Yuzhe Tang, Jiaqi Chen, X. Luo, T. Chen. [pdf], [extended version], [html], [slides]
Middleware'21 (Industrial track): “Authenticated Key-Value Stores with Hardware Enclaves”, Yuzhe Tang, Kai Li, Q. Zhang, J. Xu, J. Chen. [pdf], [extended version] [slides]
Middleware'20: “Cost-Effective Data Feeds to Blockchains via Workload-Adaptive Data Replication”, AR=25.2%, Kai Li, Yuzhe Tang, Jiaqi Chen, Zhehu Yuan, C. Xu, J. Xu. [pdf], [extended version], [slides], [talk@Middleware’20], [code]
ICDE'19: “GEM^2-Tree: A Gas-Efficient Structure for Authenticated Range Queries in Blockchain”, Full Paper, AR=26.8%, C. Zhang, C. Xu, J. Xu, Yuzhe Tang, B. Choi. [pdf]
Full list of publications: [link], [DBLP].
Open-source Software
Advising
I am fortunate and grateful to work with the following bright Ph.D. students.
Jiaqi Chen [link]: WWW'24, WWW'24 (short), Euro S&P'23; NDSS'21, IMC'21, FSE'21, Middleware'20; internship at CertiK
Wanning Ding [link]: S&P'25, Ethereum Protocol Fellowship’22; Security’24; internship at Chainlink
Yuxuan Zhou [link]: WWW’24 (short)
Zhihua Yang: Security’24
Alumni:
[Link] to our FullStack Security Lab (FSSL .)
Teaching
|