Mingxi Ye
Home
Publication

Mingxi Ye's Homepage

alt text 

Mingxi Ye (叶铭熙)
Ph.D Candidiate

School of Software Engineering
Sun Yat-sen University
Panyu District, Guangzhou City, 511436

E-mail: yemx6 [AT] mail2 [DOT] sysu [DOT] edu [DOT] cn
[GitHub] [Google Scholar] [Twitter]

About me

I am currently a Ph.D. candidate supervised by Prof. Zibin Zheng and Prof. Yuhong Nan in Sun Yat-sen University, working on fuzz testing (especially for code with functional bugs), static analysis, and blockchain security. I also play Smart Contract CTF and Immunefi for fun.

Educations

  • Sun Yat-sen University Ph.D candidate in Software Engineering (Advisor: Prof. Zibin Zheng & Prof. Yuhong Nan), since Sept. 2021.

  • Sun Yat-sen University B.Sc. in Mathematics and Applied Mathematics (w/ Outstanding Graduate Award) , from Sept. 2017 to Jun. 2021.

Experiences

  • Research intern in Ant Group. Working on smart contract fuzzing and bug hunting.

  • Visiting researcher in D23E & UCL. Working on on-chain smart contract fuzzing.

Publications

  1. Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing.
    Mingxi Ye, Yuhong Nan, Zibin Zheng, Dongpeng Wu, Huizhong Li.
    International Symposium on Software Testing and Analysis (ISSTA), July 2023. [TOP] [CCF-A].

  2. Midas: Mining Profitable Exploits in On-Chain Smart Contracts via Feedback-Driven Fuzzing and Differential Analysis.
    Mingxi Ye, Xingwei Lin, Yuhong Nan, Jiajing Wu, Zibin Zheng.
    International Symposium on Software Testing and Analysis (ISSTA), September 2024. [TOP] [CCF-A].

  3. FunFuzz: A Function-oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency.
    Mingxi Ye, Yuhong Nan, Hong-Ning Dai, Shuo Yang, Zibin Zheng, Xiapu Luo.
    Transactions on Software Engineering and Methodology (TOSEM). [TOP] [CCF-A].

  4. DAppSCAN: Building Large-Scale Datasets for Smart Contract Weaknesses in DApp Projects.
    Zibin Zheng, Jianzhong Su, Jiachi Chen, David Lo, Zhijie Zhong, Mingxi Ye.
    Transactions on Software Engineering (TSE). [TOP] [CCF-A].

  5. Turn the Rudder: A Beacon of Reentrancy Detection for Smart Contracts on Ethereum.
    Zibin Zheng, Neng Zhang, Jianzhong Su, Zhijie Zhong, Mingxi Ye, Jiachi Chen.
    International Conference on Software Engineering (ICSE), May 2023. [TOP] [CCF-A].

  6. SmartReco: Detecting Read-Only Reentrancy via Fine-Grained Cross-DApp Analysis.
    Jingwen Zhang, Zibin Zheng, Yuhong Nan, Mingxi Ye, Kaiwen Ning, Yu Zhang, Weizhe Zhang.
    International Conference on Software Engineering (ICSE), 2025. [TOP] [CCF-A].

Honors and Awards

Selected Academic Award

  1. Yat-sen Scholar Award, Sun Yat-sen University - 2024.

  2. National Scholarship for Doctoral Students - 2024.

  3. Outstanding Graduate Award, Sun Yat-sen University - 2021.

  4. Duxing Special Scholarship, Sun Yat-sen University.

Selected Capture-The-Flag (CTF)

  1. 5th place at MetaTrust CTF - September, 2023.

  2. 8th place at Numen Cyper CTF - March, 2023.

  3. Winner (with the ant group) at China Trusted Blockchain Security Attack and Defense Competition - September, 2023.

Selected Web3 bugs (Bug Bounty: $17,000+)

  1. DoS bug reported for multiple blockchain platforms (e.g., Reth, Nethermind, Avalanche).

  2. API Misbehaving bug reported for Erigon.

  3. Erroneous Execution bug reported for Polygon.

  4. Price manipulation bug reported for Asymmetry Finance.

  5. Metamorphic contract bug reported for Basin.

  6. Read-only reentrancy bug reported for Basin.

  7. 20 bugs confirmed by China National Vulnerability Database (CNVD).

Talks

  1. The Oracle Problem in Smart Contract Testing - October 2024.
    The Decentralised Science Seminar, the University of Sydney, Remotely.

  2. Midas: Mining Profitable Exploits in On-Chain Smart Contracts via Feedback-Driven Fuzzing and Differential Analysis - September 2024.
    The 33nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024), Vienna, Austria.

  3. Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing - July 2023.
    The 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023), Seattle, United States.

  4. Detection of Smart Contracts Vulnerabilities - April 2023.
    University of Electronic Science and Technology of China, Chengdu, China.

  5. Software Services in Ethereum System - May 2022.
    The Ph.D. Symposium of CCF 15th International Conference on Service Science (CCF-ICSS 2023), Virtually.

Professional Services

Program Committee Member

  1. USENIX Security 2025 Artifact Evaluation Committee, 2025.

  2. International Conference on Blockchain and Trustworthy Systems (Blocksys), 2023.

Reviewer

  1. ACM Transactions on Software Engineering and Methodology (TOSEM).

  2. Blockchain: Research and Applications (BCRA).

Sub-reviewer

  1. International Symposium on Software Testing and Analysis (ISSTA).

  2. International Conference on the Foundations of Software Engineering (FSE).

  3. IEEE Transactions on Information Forensics and Security (TIFS).

  4. IEEE Transactions on Software Engineering (TSE)