I am a Ph.D. student at UC Berkeley in the Sky Computing Lab advised by Prof. Koushik Sen. My research interest lies in program analysis, security, and distributed system. Prior to Ph.D. study, I was a founding engineer at Veridise, a blockchain security startup, where I led development of several automated testing tools for smart contracts and blockchains. Before that, I was a security engineer at Salesforce, contributing to SAST solutions, internal network scanning service, and data pipelines.

I received my CS bachelor degree from UC Santa Barbara, where I worked with Prof. Arpit Gupta on inband network telemetry (INT) and software-defined network. I was advised by Prof. Tevfik Bultan and conducted research on side-channel analysis and probablistic symbolic execution. I also interned at SJTU and worked with Prof. Haojin Zhu on ads and mobile security.

Interested in blockchain security and open to work? => We are hiring @ FuzzLand

Publications

Talks

Things I Broke

I worked on a few bug bounty programs in 2020-2021. The total amount of bounty I earned reaches $1.7M (including tokens locked). Selected bugs I've reported:

Security Issues Privacy Issues

Portfolio

I am sometimes an irresponsible early token investor. I am broadly interested in anything other than ZK and games (because I really know nothing about them). Here are some projects I held >.5% tradeable (LP + CEX) circulating supply:
Exited (2023) Exited (2022) Exited (2022)
I used to do quant trading on leveraged ETFs, contracts, and options based on reinforcement learning and fine-tuned LLM with a surprising PnL of -92% :).

Contacts

shou [at] berkeley.edu
shou [at] ucsb.edu
chaos [at] fuzz.land
which all likely go to scf [at] acm.org
Telegram: https://t.me/imcfs

Links

GitHub
Twitter
Google Scholar
Blog
Not that formal ver of me
Resume for job