Projects
Discovering DoS attack on Ethereum transaction pool
- Discover the vulnerability of transaction pool in Ethereum clients by reading source code, testing cases and fuzzing.
- Report 12 unique attacks that can deny the service of transaction pool with 0 or low cost.
- Our team receives Bug bounty from Ethereum Foundation $12,000 (2021), $2,000 (2022), $4,000 (2023) and OpenEthereum/Parity $8,000 (2021)
Improving the resilience of the transaction pool against DoS attacks on Go-Ethereum client
- Design defense against transaction pool DoS attacks by tightening the TxPool validation rules. Ensure no vulnerability in our design of defense.
- Co-develop the patch code of the defense against transaction pool DoS attack and the code is merged in Geth client V1.11.4.
- Work as a contributor of Go-Ethereum (Geth) V1.11.4, https://github.com/ethereum/go-ethereum/releases/tag/v1.11.4
Cost optimization in blockchains
- Design a middleware system running on top of a blockchain network to optimize the cost of blockchain-based DApps.
- Achieve saving 14.6% – 59.1% Gas cost per invocation without losing security or causing extra delay.
- Implement smart-contract rewriting techniques on source/bytecode for the integration of the middleware with contract
Decentralized bug reporting system for smart contract
- Develop a decentralized bug-reporting system for smart contracts, addressing manipulation and transparency issues in centralized systems like CVE.
- Design a system allowing anyone to submit bug reports to the blockchain, with validation by a decentralized group of verifiers, ensuring accuracy and immutability.
- Implement a validation process using encrypted Proof of Evidence (PoE) and Trusted Execution Environment (TEE) for secure and transparent bug verification.