Fan Zhang
@0xFanZhang
Assistant Prof @YaleCompsci. Also @chainlinklabs @initc3org. Ex @Cornell @Cornell_Tech. Interest: secure & decentralized systems
An advanced version of Gemini with Deep Think has officially achieved gold medal-level performance at the International Mathematical Olympiad. 🥇 It solved 5️⃣ out of 6️⃣ exceptionally difficult problems, involving algebra, combinatorics, geometry and number theory. Here’s how 🧵
"permissionless interop" is more essential to the value of decentralization than most of what crypto/blockchain work on
My 2c is that decentralization of trust doesn’t have to mean running everything on blockchains or decentralized consensus systems. Instead, openness of the system — through verifiable computation, public interfaces, or permissionless participation — is a powerful approach too.
Join us at DeFi’25: Workshop on Decentralized Finance & Security, Co-located with ACM CCS 2025 on October 17, 2025. Submission deadline: July 21, 2025 (AoE) Thanks to our incredible program committee & chairs for making this happen: @yaish_aviv @christoftorres @alexcryptan…
I wrote a post to introduce my personal favorite attack idea from the first half of 2025: the MEV-phishing attack — an attack targeting the smartest bots in the MEV ecosystem.
Dead Drop for smart contract bugs
3rd Place - DeadDrop @0xfanzhang and the team behind DeadDrop built a system for bug hunters to responsibly disclose smart contract bugs to deployers with confidentiality and spam prevention. While existing BlockChat systems can be used to reach smart contract deployers, they…
Congratulations to the 2025 IC3 Blockchain Camp hackathon winners! After a week of building, here are the standout projects that took home the top prizes 🧵
Cornell Tech debuts Liquifaction working use case to let users borrow NFTs without ownership theblock.co/post/357842/co…
we have been thinking recently about the need for something like "AI privilege"; this really accelerates the need to have the conversation. imo talking to an AI should be like talking to a lawyer or a doctor. i hope society will figure this out soon.
I once gave a talk on DID and mentioned how camera-based ID verification can be susceptible to deepfake, now there is a good reference github.com/hacksider/Deep…
Thanks for the nice graphics!
One case study? 🙉 An obfuscated MEV contract got drained of 22 ETH using an old tx.origin phishing exploit. If you’re a builder relying on obfuscation to protect your smart contracts… You might be shielding your IP — but you’re also blinding yourself to basic vulnerabilities.…
Checked out our new paper "Insecurity Through Obscurity," where we uncover smart contract vulnerabilities hidden under code obfuscation. We used our tool to analyze MEV bots. TLDR: $$$ at risk is quite big (see quote). arxiv.org/pdf/2504.13398
Applied to real-world MEV bots, SKANF finds vulnerabilities in 1,028 contracts and generates exploits for 373, with potential losses over $9.0M. We further identify 40 real-world attacks targeting the same vulnerabilities uncovered by SKANF, causing $900K in actual losses. (3/n)
Wenhao is going to present Prooφ: A ZKP Market Mechanism arxiv.org/abs/2404.06495 (to appear in FC), a joint work with Lulu Zhou, @yaish_aviv , @benafisch , @convoluted_code.
TLDR's 2025 Conference tickets are now available for May 12-13, bringing together academics, engineers & practitioners to advance the state of DeFi research. → Keynotes: @gakonst & @segfaultdoctor → Program Schedule: thelatestindefi.org/schedule → Tickets: bit.ly/tldr-25