I am a Ph.D. student at UC Berkeley in the Sky Computing Lab, advised by Prof. Koushik Sen. My research interests lie in program analysis, security, and distributed systems. Prior to my Ph.D. study, I was a software engineer at Veridise, a blockchain security startup, where I led the development of several automated testing tools for smart contracts and blockchains. Before that, I was a security engineer at Salesforce, contributing to SAST solutions, an internal network scanning service, and data pipelines.
I received my bachelor's degree in CS from UC Santa Barbara, where I worked with Prof. Arpit Gupta on in-band network telemetry (INT) and software-defined networking. I was also advised by Prof. Tevfik Bultan and conducted research on side-channel analysis and probabilistic symbolic execution. I also interned at SJTU and worked with Prof. Haojin Zhu on ads and mobile security.
[SBC '22] - Chainsaw: Breaking Blockchains With Coverage-Guided Fuzzing Representing Veridise Inc. [Slides][Event]
Things I Broke
I worked on a few bug bounty programs in 2020-2021. The total bounty I earned reached $340,000. Selected bugs I have reported:
2023 - Gate.io Exchange: CSRFs leading to manipulation of user positions.
2023 - FreedomFi: Authorization bypass leading to command execution (RCE) on 7000+ miners.
2022 - Polygon Edge: Multiple validator DoS bugs leading to an easy 51% (technically 2/3) attack.
2022 - DogeChain: Multiple validator DoS bugs and critical logic flaws in the genesis contracts; fixed with a fork.
2022 - FTX OTC: Reflected XSS requiring certain user interaction.
2022 - IBAX Network: Multiple validator DoS bugs leading to an easy 51% attack.
2022 - FastRLP: Index out of range while parsing block data.
2022 - Ethgo: Memory vulnerabilities while decoding transactions and logs.
2022 - Deeper Network: Memory vulnerabilities in packet parsing leading to RCE on 30k+ miners.
2021 - React Native / Hermes: Memory vulnerability due to recursive JS proxies.
2021 - FTX US: Request smuggling leading to potential leakage of users' trade information.
2021 - CVS Pharmacy: SSRF + TLS poisoning leading to public access to all internal systems.
2021 - Helium: Incorrect logic allowing easy manipulation of the mining mechanism.
2020 - NetEase Email: XSS + CSP bypass, could lead to takeover of all business customer accounts.
2020 - Baidu: Multiple stored XSS, could lead to takeover of 218M accounts.
2019 - Gogs: Race conditions leading to policy bypass.
2019 - NetEase: XSS + CSRF, could lead to takeover of 1 billion+ accounts.
2016 - Shanghai Government: 100+ SQL injections / LFIs / etc.
2021 - Comcast: A malicious user could hijack network traffic.
2021 - Google Nest: Side channel leaking user actions.
2021 - MyQ: Side channel leaking user actions.
2021 - Samsung Home: Side channel leaking user actions.
2020 - iQIYI: User PII leakage in APIs.
2020 - Mail.ru: User PII leakage in APIs.
2017 - Baidu: User PII leakage in APIs.
I am sometimes an irresponsible early token investor. I am broadly interested in anything other than ZK and games (because I really know nothing about them). Here are some projects in which I held >0.5% of the tradeable (LP + CEX) circulating supply:
I used to do quant trading on leveraged ETFs, contracts, and options based on reinforcement learning and fine-tuned LLMs, with a surprising PnL of -92% :).