Ziyue Wang

Ziyue Wang

PhD Student @ University of Sydney | Blockchain Security | Vulnerability Detection | AI Agents for Security

Ziyue Wang

Welcome to my homepage. I am Ziyue Wang (王子悦 in Chinese), a PhD student in Computer Science at the University of Sydney, and a student of Liyi Zhou.

Education

  • 2026.03 - Present, PhD Student in Computer Science, University of Sydney, Australia. Student of Liyi Zhou.
  • 2023.09 - 2026.03, Master's student in Software Engineering, Nanjing University, China. Student of Jidong Ge.
  • 2019.09 - 2023.06, Undergraduate student in Software Engineering, Nanjing University, China.

Research Interests

I am interested in how far emerging systems can push the automation of security research, especially work that still depends on manual validation. I stay open to new ideas, tools, and domains, and I enjoy learning by building. At the moment, my research centers on two closely connected directions:

Vulnerability Detection and Validation

I build LLM- and agent-based systems that can automatically discover vulnerabilities, explain why they happen, and validate them with concrete evidence such as executable proofs of concept.

  • My recent work, TxRay, automates root-cause analysis and PoC generation for DeFi incidents with strong accuracy and speed. Building on that prototype, Liyi and I developed Clara for real-time analysis of live blockchain attacks. Its public platform, ClaraHacks, now curates postmortems for roughly 400 incidents, each combining root-cause analysis with PoC generation.
  • In my earlier work, A2, I identified and validated vulnerabilities in real Android applications, including a Google vulnerability that has since been fixed and another in Via Browser, an app with more than 10 million downloads, which has also been patched.

AI Agents for General Security Analysis

Beyond blockchain and Android applications, I am exploring how AI agents can support security analysis across a broader landscape. I am particularly interested in their use for program analysis, malware detection, and robotic or cyber-physical systems.

Selected Publications

  • TxRay: Agentic Postmortem of Live Blockchain Attacks
    Ziyue Wang, Jiangshan Yu, Kaihua Qin, Dawn Song, Arthur Gervais, Liyi Zhou
    [arXiv preprint arXiv:2602.01317] [paper]
  • Agentic Discovery and Validation of Android App Vulnerabilities
    Ziyue Wang, Liyi Zhou
    [arXiv preprint arXiv:2508.21579] [paper]
  • Empirical Analysis of Smart Contract Factories on EVM-compatible Chains
    Ziyue Wang, Zongwen Shen, Lei Chen, Wei Song, Jidong Ge, LiGuo Huang, Bin Luo
    [ACM Transactions on Software Engineering and Methodology] [paper]

Experience

  • 2025.04 - 2025.07, Web3 R&D Engineer at BitsLab. Worked on Web3 research and development.
  • 2024.11 - 2025.04, Web3 Security Researcher at BlockSec. Worked on Web3 security research.
  • 2022.07 - 2022.10, Software Development Engineer at Alibaba. Worked on software development.

Blog and Media

  • TxRay Introduction [link]
  • Clara Introduction [link]
  • A2 Introduction [link]
  • A2 Introduction [link]
  • Postmortem of zkLend Exploit [link]

Honors & Awards

  • 2026, Outstanding Graduate of Nanjing University (top 1%).
  • 2024, Xiaomi Scholarship.
  • 2024 ~ 2026, Nanjing University First-class Scholarship (top 5%).
  • 2022, Outstanding Undergraduate of Nanjing University (top 1%).