Chaofan Shou
Chaofan Shou is the cofounder and CTO of Fuzzland, a blockchain security company that builds automated testing tools for smart contracts, and a developer at Solayer. He is also a Ph.D. student at UC Berkeley in the Sky Computing Lab, where his research focuses on program analysis, security, and distributed systems. [1] [2] [3] [4]
Overview
Chaofan Shou is known for his work in blockchain security and program analysis. His work spans academic research, entrepreneurship, and security engineering, with contributions to smart contract security and automated testing. He has discovered numerous critical vulnerabilities across a range of platforms, with reported bug bounties reaching approximately $1.9 million. His research has been published at major academic conferences, and he has spoken at industry events on blockchain security and fuzzing. [1] [2] [3] [4]
Education
Shou is currently pursuing his Ph.D. at the University of California, Berkeley, where he works in the Sky Computing Lab under the supervision of Professor Koushik Sen. His doctoral research concentrates on program analysis, security, and distributed systems. Prior to his doctoral studies, Shou attended the University of California, Santa Barbara. [1] [4]
Career
Shou's professional career includes a position as a security engineer at Salesforce, where he contributed to Static Application Security Testing (SAST) solutions, internal network scanning services, and data pipelines. During this period he developed expertise in finding security vulnerabilities across a range of platforms, which laid the groundwork for his later work on blockchain technologies.
Following his time at Salesforce, Shou became a founding engineer at Veridise, a blockchain security startup. At Veridise, he led the development of several automated testing tools specifically designed for smart contracts and blockchains. His work at Veridise included the development of Chainsaw, a tool for breaking blockchains with coverage-guided fuzzing, which he presented at the Smart Contract Summit (SBC) in 2022.
Shou co-founded Fuzzland, where he currently serves as the Chief Technology Officer (CTO). Fuzzland focuses on blockchain security, particularly developing automated testing tools for smart contracts. In February 2024, Fuzzland announced the closing of a $3 million seed funding round, as reported in a Medium post by Shou. At Fuzzland, Shou has continued his work on fuzzing techniques for blockchain security, presenting "MEV + Fuzzing = DeFi Firewall" at BuildETH in 2023. [1] [2] [3] [4] [5] [6] [7] [8] [9]
Research and Publications
Shou has authored and co-authored several academic papers in the fields of smart contract security, program analysis, and distributed systems. His notable publications include:
- "ItyFuzz: Snapshot-Based Fuzzer for On-Chain Smart Contract Auditing" (ISSTA '23), co-authored with Shangyin Tan and Koushik Sen;
- "Query Planning for Robust and Scalable Hybrid Network Telemetry Systems" (CoNEXT '24), with multiple co-authors;
- "Unveiling Collusion-Based Ad Attribution Laundering Fraud: Detection, Analysis, and Security Implications" (CCS '24);
- "CorbFuzz: Checking Browser Security Policies with Fuzzing" (ASE '21). [1]
Throughout his career, Shou has identified and reported numerous security vulnerabilities across various platforms. His contributions to bug bounty programs between 2020 and 2022 resulted in approximately $1.9 million in bounties, including locked tokens. Some of his notable security findings include:
- Remote Code Execution (RCE) vulnerabilities in RisingWave (2024);
- Server-Side Request Forgery (SSRF) issues in Devin.ai leading to user information leaks (2024);
- Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities in Twitter that could lead to account takeovers (2023);
- Multiple validator Denial of Service (DoS) vulnerabilities in blockchain platforms like Polygon Edge and DogeChain (2022). [1]
Shou maintains an active presence on GitHub, where he has contributed to numerous repositories. His pinned projects include ItyFuzz, a bytecode-level hybrid fuzzer for smart contracts, and digfuzz, an implementation of probabilistic path prioritization for hybrid fuzzing. He has also contributed to major open-source projects such as LibAFL and Facebook's Hermes JavaScript engine. [1] [3] [5]
Speaking Engagements
Shou has presented his work at various industry events, including:
- "MEV + Fuzzing = DeFi Firewall" at BuildETH in 2023, representing Fuzzland;
- "Chainsaw: Breaking Blockchains With Coverage-Guided Fuzzing" at the Smart Contract Summit (SBC) in 2022, representing Veridise. [1] [4]
Interviews
Mitigating Smart Contract Attacks #01
On August 16, 2024, Chaofan Shou appeared in an interview on the IC3 Initiative for Cryptocurrencies and Contracts YouTube channel, presenting his views on the challenges and defense strategies against smart contract attacks. According to Shou, losses in 2024 have already exceeded US $100 million, with notable incidents such as the Ronin Bridge exploit and repeated hacks of protocols that underwent multiple audits without addressing critical flaws.
Shou points out that many attacks occur via private RPCs, preventing front‑running bots from detecting and blocking malicious transactions before they are mined. The fierce competition among defender and attacker bots, combined with skyrocketing gas fees, drastically reduces the effectiveness of on‑chain rescue attempts; he notes that no fund recoveries were successful in 2024 using front‑running alone.
According to the researcher, there is a recurring pattern in the preparatory phase of attacks: attackers often deploy exploit contracts moments before executing the malicious transaction. This detail, Shou argues, opens a window for proactive interventions. By monitoring and analyzing newly deployed contracts, defense teams could repurpose those same exploits to hijack the original attack, significantly increasing the chances of fund recovery.
To operationalize this concept, Chaofan Shou proposes the creation of a “mysterious Oracle” capable of predicting attack parameters or reconstructing exploit transactions in real time. In experiments conducted since January 2023, his team has demonstrated that, with optimized parameters and exploit‑hijacking techniques, it would be possible to recover up to US $120 million in compromised funds.
Finally, Shou emphasizes the importance of combining on‑chain analysis, collaboration among research teams, and new approaches, such as programmatic repair of contracts, to create dynamic defense mechanisms. In his view, leveraging historical attack data and predictive models is essential to prevent future losses and more effectively protect the blockchain ecosystem. [10]
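The monitoring step Shou describes, watching for freshly deployed contracts and catching the moment their deployer calls into them, can be sketched as a small stream filter. The following is an added example written for this page; it is not code from the interview, from Fuzzland, or from any of Shou's projects. It assumes the defender can read every mined transaction together with the `contractAddress` field of its receipt, and it treats "a contract only a few blocks old, invoked by the account that deployed it" as the signal worth handing to a simulation or hijack step. The transaction stream, addresses and selectors are constructed. Because it works on mined blocks rather than the mempool, it still sees transactions that arrived through a private RPC, which is the blind spot Shou mentions for front-running bots; the price is that the alert fires after inclusion, so it feeds the "reconstruct and hijack" stage rather than a pre-mining block.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Tx:
    """Minimal view of a mined transaction plus one receipt field.
    Field names follow eth_getTransactionByHash / eth_getTransactionReceipt;
    the data fed in below is constructed for this example."""
    block: int
    sender: str
    to: Optional[str]                        # None for a contract creation
    input: str                               # calldata, 0x-prefixed hex
    contract_address: Optional[str] = None   # receipt.contractAddress on creation


class FreshDeployWatch:
    """Flags calls into contracts created within the last `window` blocks.

    Assumption of this example (not Shou's or Fuzzland's tooling): a call
    into a contract that is only a few blocks old, made by its own deployer,
    is a strong enough signal to hand off to simulation / exploit hijacking.
    """

    def __init__(self, window: int = 5) -> None:
        self.window = window
        # contract address -> (deployer, block in which it was created)
        self.fresh: Dict[str, Tuple[str, int]] = {}

    def observe(self, tx: Tx) -> Optional[dict]:
        if tx.to is None:
            if tx.contract_address:          # creation succeeded
                self.fresh[tx.contract_address.lower()] = (tx.sender.lower(), tx.block)
            return None

        # Evict entries older than the window so the table stays bounded.
        self.fresh = {a: v for a, v in self.fresh.items()
                      if tx.block - v[1] <= self.window}

        hit = self.fresh.get(tx.to.lower())
        if hit is None:
            return None
        deployer, deploy_block = hit
        return {
            "contract": tx.to.lower(),
            "deployer": deployer,
            "caller": tx.sender.lower(),
            "age_blocks": tx.block - deploy_block,
            "same_deployer": tx.sender.lower() == deployer,
            "selector": tx.input[:10],       # 0x + 4-byte function selector
        }


def scan(txs: List[Tx], window: int = 5) -> List[dict]:
    """Run the watcher over a block-ordered stream and keep only the alerts
    where the deployer itself triggers the freshly created contract."""
    watch = FreshDeployWatch(window)
    alerts = []
    for tx in sorted(txs, key=lambda t: t.block):   # stable: keeps intra-block order
        a = watch.observe(tx)
        if a and a["same_deployer"]:
            alerts.append(a)
    return alerts


# Constructed sample stream: one deploy-then-call by the same account, one
# ordinary call to a long-lived contract, and one deploy that is only called
# well after the window has expired.
ATTACKER = "0x1111111111111111111111111111111111111111"
EXPLOIT = "0x2222222222222222222222222222222222222222"
OLD_DEX = "0x3333333333333333333333333333333333333333"
USER = "0x4444444444444444444444444444444444444444"
LATE = "0x5555555555555555555555555555555555555555"

SAMPLE_TXS = [
    Tx(block=100, sender=ATTACKER, to=None, input="0x60806040", contract_address=EXPLOIT),
    Tx(block=100, sender=USER, to=OLD_DEX, input="0x38ed1739"),
    Tx(block=101, sender=ATTACKER, to=EXPLOIT, input="0xdeadbeef"),
    Tx(block=110, sender=USER, to=None, input="0x60806040", contract_address=LATE),
    Tx(block=130, sender=USER, to=LATE, input="0xa9059cbb"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_TXS):
        print(alert)
```

Only the block-101 call is reported: the contract is one block old and the caller is its deployer. The block-130 call lands 20 blocks after its deploy and is evicted first. In practice the alert's `contract` and `selector` are what a replay step would feed into a forked-chain simulation before deciding whether the call is worth hijacking.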