Research Experience

Research Project #1: Automatic Repair of smart contracts used in Ethereum

Advisor: Prof. Tao Xie and Assistant Prof. Xusheng Xiao

Time: Apr 2019 - Jan 2020

Lab: Automated Software Engineering Group, UIUC

Goal: 

Aimed to build a tool that takes vulnerable contracts as input, automatically fixes them, and outputs non-vulnerable contracts.

Details:

  • Built a real-world smart contract dataset of 94 contracts covering 6 classes of vulnerabilities, labeled at the line level, for future research
  • Implemented a pre-processor that removes almost 100% of Securify's false-positive (FP) reports while preserving 97% of the true-positive (TP) reports that can be fixed, addressing the high FP rate of Securify's reports
  • Achieved an average patch rate of 98% for DAO, LockedEther, MissingInputValidation and UnhandledException
  • A research paper about this project has been submitted to USENIX ATC 2020

 

Research Project #2: Security analysis of smart contracts used in Ethereum

Advisor: Prof. Yinxing Xue

Time: Jan 2019 - Mar 2019

Lab: Lab of System Software and Software Security, USTC

Goal:

Aimed to improve the accuracy of current contract checkers such as Slither and to build a benchmark of smart contracts for building future checkers

Details:

  • Summarized the reasons why current contract checkers produce so many FP warnings
  • Found typical vulnerability patterns that are more accurate than those used in current contract checkers
  • Used code clone detection to find undiscovered vulnerable code segments
  • Excluded the protections used by programmers from vulnerability reports to reduce false-positive warnings

Research Project #3: Performance analysis of programs written in both C and Python

Advisor: Associate Professor Yu Zhang

Lab: Lab of System Software and Software Security, USTC

Goal: 

Aimed to build a tool that can analyze the performance (memory usage, time consumption, etc.) of programs written in both C and Python

Details:

  • Extended an open-source tool named Memory Profiler to support different programming languages
  • Added new functions to Memory Profiler, such as reporting hot functions
  • Modified the code-mapping algorithm of the performance analysis tool used in OpenCV and extended its use to other platforms such as TensorFlow