Yuqiang Sun (孙宇强 in Chinese) is now a Ph.D. student in School of Computer Science and Engineering @ Nanyang Technological University, supervised by Prof. Yang Liu. Before Ph.D. study, he got his bachelor degree in Sichuan University. His research interests include program analysis, vulnerability detection and patch generation. He hopes to collaborate with more innovative researchers on various exciting topics in software engineering, program analysis, vulnerability detection, and program synthesis.
🔥 News
- 2024.01: 🎉🎉 Happy new year! Our preprint “LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs’ Vulnerability Reasoning” was available on Arxiv!
- 2023.12: 🎉🎉 Our paper “GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis” was accepted to appear in ACM SIGSOFT International Conference on Software Engineering (ICSE), Lisbon, Portugal, 2024.
- 2023.08: 🎉🎉 He passed Qualifying Examination (QE) and became a Ph.D. candidate.
- 2023.07: 🎉🎉 Our paper “Who is the Real Hero? Measuring Developer Contribution via Multi-dimensional Data Integration” was accepted by ASE 2023!
- 2021.08: 🎉🎉 He joined Nanyang Technological University as a Ph.D. student.
📝 Selected Publications [Full List]
- Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts
- Han Liu, Daoyuan Wu, Yuqiang Sun, Haijun Wang, Kaixuan Li, Yang Liu, Yixiang Chen
- Usenix Security 2024
- This paper is about using static analysis to find the unsafe implementations of OpenZeppelin based projects.
- Slides for Usenix Security 2024
- ZepScope is now open-sourced. Find more at this website.
- PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation
- Ye Liu, Yue Xue, Daoyuan Wu, Yuqiang Sun, Yi Li, Miaolei Shi, Yang Liu
- Preprint
- This paper is about generating formal verification rules with LLM for vulnerability detection.
- Combining Fine-Tuning and LLM-based Agents for Intuitive Smart Contract Auditing with Justifications
- Wei Ma, Daoyuan Wu, Yuqiang Sun, Tianwen Wang, Shangqing Liu, Jian Zhang, Yue Xue, Yang Liu
- Preprint
- This paper is about fine-tuning LLMs with knowledge about logic bugs in smart contract to detect vulnerabilities.
- LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs’ Vulnerability Reasoning
- Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Wei Ma, Lyuye Zhang, Miaolei Shi, Yang Liu
- Preprint
- This paper is about enhancing the ability of LLMs in detecting vulnerabilities by providing extra knowledege and external tools.
- GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis
- Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, Yang Liu
- The 46th IEEE/ACM International Conference on Software Engineering (ICSE 2024)
- This paper is about combining LLM with static analysis method to detect vulnerabilities in smart contracts.
- Slides for ICSE 2024
- GPTScan is now open-sourced. Find more at this website.
- Who is the Real Hero? Measuring Developer Contribution via Multi-dimensional Data Integration
- Yuqiang Sun, Zhengzi Xu, Chengwei Liu, Yiran Zhang, Yang Liu
- The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023)
- This paper is about measuring the contribution of developers in open source projects. We proposed an approach to fuse information from different dimensions for a more comprehensive evaluation of developer contribution.
📖 Educations
- 2021.08 - Now, Ph.D. student at school of computer science and engineering, Nanyang Technological University, Singapore.
- 2017.09 - 2021.06, Undergraduate student at college of cyber space and engineering, Sichuan University, Chengdu, Sichuan, P.R.C.
💬 Invited Talks
- 2024.05, Transforming Language Models into Smart Contract Audit Experts. GeekCon 2024 @ Singapore
📫 Services
- Junior PC: MSR 2024
- Artifact Evaluation: Usenix Security 2024, ISSTA 2024
- Journals: TDSC
- Sub-reviewer: ICSE, ISSTA, ASE, RAID, AisaCCS, ICICS
📚 Teaching
- Teaching Assistant of SC1003: Introduction to Computer Thinking and Programming, NTU, 2023 Fall
- Teaching Assistant of SC1006: Computer Organization and Architecture, NTU, 2023 Spring