Recruitement
We have Ph.D. opennings for self-motivated students [link].
Please share your thoughts on my recent papers before sending an email.
News
Apr. 2025: Survey on blockchain security research is accepted to the reputable “Foundations and Trends in Privacy and Security” journal: [pdf]. Congrats to collaborators!
March 2025: My Ph.D. student [Yibo Wang] is joining [EECS at Univ. of Wyoming] as a tenure-track Assistant Professor. Godspeed to Yibo!!
March 2025: My student Yibo receives All University Doctoral Prize from Syracuse University. Congrats to Yibo!
March 2025: My student Wanning will do internship at Chainlink. Congrats to Wanning!
March 2025: Serve IEEE S&P 26, NDSS 26 and ACSAC 25 program committee. Please submit your best work.
Jan 2025: Joint work on blockchain wallet security accepted to WWW 25. Congrats to Sajad and Yue!
Dec 2024: My student Yibo will do his second internship at CertiK. Congrats to Yibo!
Oct 2024: Serve CCS 25 program committee. Please submit your best work.
Sep 2024: Research on blockchain security is accepted to IEEE S&P 25. Congrats to Wanning and Yibo!
Aug 2024: Blockchain security research is funded by Ethereum Foundation. Thank you, EF! [award]
Aug 2024: My student Yibo receives USENIX Security’24 Travel grant. Congrats to Yibo!
July 2024: Serve NDSS 25 program committee. Please submit your best work.
June 2024: Invited to talk about our blockchain research at NTU Blockhain Symposium in Singapore [website] [award].
June 2024: Invited to talk about our blockchain research at SBC 2024 in NYC [website].
May 2024: Serve Euro S&P 25 program committee. Please submit your best work.
May 2024: Research on blockchain mempool fuzzing accepted to USENIX Security 24. Congrats to Yibo!
May 2024: Serve IEEE S&P 25 program committee. Please submit your best work.
May 2024: Host an educational workshop for using our [BADD labs] in CS, FinTech courses: [workshop webpage]
March 2024: Research on Ethereum key leakage and misuse accepted to WWW 24 (short paper). Congrats to Yuxuan and Jiaqi!
Feb 2024: Serve ACSAC 24 program committee. Please submit your best work.
Feb 2024: Serve RAID 24 program committee. Please submit your best work [CFP].
Jan 2024: Joint work on upgradable smart contracts accepted to WWW 24. Congrats to Xiaofan and Jin!
[More news]
Research Interests
My research mission aims to understand, enable and verify the systems security of digital infrastructures used in high-impact or emerging application domains.
Toward the goal, I am interested in cybersecurity, systems, and interdisciplinary research in decentralized systems (like blockchains and smart contracts), open-source software ecosystems, and other emerging domains. My research often addresses technical challenges as follows:
Security analysis and vulnerability discovery: [USENIX Security 24], [CCS 21]
Provable security and economics of security: [IEEE S&P 25]
Security-oriented measurement and cyber-crimes: [Euro S&P 23], [IMC 21], [NDSS 21]
Perf. optimization & workload analysis: [TSE 23/FSE 21], [Middleware 20], [ICDE 19], [TPDS 13]
Secure data storage: [ACSAC 14], [EDBT 14], [ICDCS 08]
Data privacy: [TKDE 15], [ICDCS 14], [CIKM 11]
Security/systems education: [BADD labs], [FuSSIL labs]
My projects are generously supported by National Science Foundation, Ethereum Foundation, Intel, etc.
My research results in patches in popular open-source software, such as Ethereum Go client [Geth 1.11.4].
Recent Publications
Underline: students advised by me.
S&P'25: “Asymmetric Mempool DoS Security: Formal Definitions and Provable Secure Designs”, AR=14.2%, Wanning Ding, Yuzhe Tang, Yibo Wang. [pdf], [slides]
WWW'25: “SigScope: Detecting and Understanding Off-Chain Message Signing-related Vulnerabilities in Decentralized Applications”, AR=19.8%, Sajad Meisami, Hugo Dabadie, Song Li, Yuzhe Tang, Yue Duan. [pdf]
TTPS'25: “Security Analysis and Formal Verification on Blockchain and its Applications,” K. Li, R. Gu, J. Xu, Z. Chen, S. Wu, Y. Zhou, M. Zhang, X. Luo, Yuzhe Tang, Y. Li, X. Zhang, Yibo Wang. In Foundations and Trends in Privacy and Security [pdf]
USENIX Security'24: “Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing”, AR=14.5%, Yibo Wang, Yuzhe Tang, Kai Li, Wanning Ding, Zhihua Yang. [pdf], [slides] 
WWW'24: “Characterizing Ethereum Upgradable Smart Contracts and Their Security Implications”, AR=20.2%, Xiaofan Li, Jin Yang, Jiaqi Chen, Yuzhe Tang, Xing Gao. [preprint], [slides]
Euro S&P'23: “Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild”, AR=35.7%, Jiaqi Chen, Yibo Wang, Yuxuan Zhou, Wanning Ding , Yuzhe Tang, X. Wang, Kai Li. [preprint], [slides], [2-page slides]
CCS'21: “DETER: Denial of Ethereum Txpool sERvices”, AR=22%, Kai Li, Yibo Wang, Yuzhe Tang. [pdf], [slides], [talk], [poster], [Patch@Geth-1.11.4], [CVE-2022-23327], [CVE-2022-23328]
NDSS'21: “As Strong As Its Weakest Link: How to Break (and Fix) Blockchain DApps at RPC Service”, AR=15.2%, Kai Li, Jiaqi Chen, Xianghong Liu, Yuzhe Tang, X. Wang, X. Luo. [pdf], [slides], [demo1], [demo2]
IMC'21: “TopoShot: Uncovering Ethereum's Network Topology Leveraging Replacement Transactions”, AR=28%, Kai Li, Yuzhe Tang, Jiaqi Chen, Yibo Wang, Xianghong Liu. [pdf], [slides], [poster], [open dataset], [talk@IMC’21]
FSE'21: “iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations”, AR=24.5%, Yibo Wang, Qi Zhang, Kai Li, Yuzhe Tang, Jiaqi Chen, X. Luo, T. Chen. [pdf], [extended version], [html], [slides]
Middleware'21 (Industrial track): “Authenticated Key-Value Stores with Hardware Enclaves”, Yuzhe Tang, Kai Li, Q. Zhang, J. Xu, J. Chen. [pdf], [extended version] [slides]
Middleware'20: “Cost-Effective Data Feeds to Blockchains via Workload-Adaptive Data Replication”, AR=25.2%, Kai Li, Yuzhe Tang, Jiaqi Chen, Zhehu Yuan, C. Xu, J. Xu. [pdf], [extended version], [slides], [talk@Middleware’20], [code]
ICDE'19: “GEM^2-Tree: A Gas-Efficient Structure for Authenticated Range Queries in Blockchain”, Full Paper, AR=26.8%, C. Zhang, C. Xu, J. Xu, Yuzhe Tang, B. Choi. [pdf]
Full list of publications: [link], [DBLP].
Open-source Software
Advising
I am fortunate and grateful to work with the following bright Ph.D. students.
Jiaqi Chen [link]: WWW'24, WWW'24 (short), Euro S&P'23; NDSS'21, IMC'21, FSE'21, Middleware'20; internship at CertiK
Wanning Ding [link]: S&P'25, Ethereum Protocol Fellowship’22; Security’24; internship at Chainlink
Yuxuan Zhou [link]: WWW’24 (short)
Zhihua Yang: Security’24
Alumni:
[Link] to our FullStack Security Lab (FSSL .)
Teaching
|