Weilin (William) Li

Abstract

I am a CS PhD student of University College London (UCL), supervised by Prof. Arthur Gervais. I received my Bachelor's degree at the University of Science and technology of China (USTC). My id as a hacker is hklst4r and I love to break things.

My research interests primarily focus on blockchain technology, Decentralized Finance (DeFi) applications, and their security implications. I've been actively engaged in the DeFi ecosystem since 2021. I continuously explore and implement highly profitable trading strategies (Ref. Highly Profitable Trading Strategy). I am also an active bug hunter in Web3, securing $10K+ in bounties (Ref. Bug Bounties).

I used to be a CTF player in Crypto and Misc. I was the team captain of NEBULA, which achieved an annual global ranking of 137th (top 0.33% globally) on CTFtime (Summer 2022-Summer 2023).

Publications

Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems
Accepted at ACM DeFi Workshop 2023
Weilin Li, Zhun Wang, Chenyu Li, Heying Chen, Taiyu Wong, Pengyu Sun, Yufei Yu, Chao Zhang
Towards Automated Security Analysis of Smart Contracts based on Execution Property Graph
Arxiv Preprint
Kaihua Qin, Zhe Ye, Zhun Wang, Weilin Li, Liyi Zhou, Chao Zhang, Dawn Song, Arthur Gervais
ConFuzz: Towards Large Scale Fuzz Testing of Smart Contracts in Ethereum
Accepted at INFOCOM 2024
Taiyu Wong, Chao Zhang,Yuandong Ni, Mingsen Luo, HeYing Chen, Yufei Yu, Welin Li, Xiapu Luo, Haoyu Wang

Education

Oct 2024 - ???
PhD in Computer Science
University College London
Sep 2020 - Jun 2024
Bachelor of Cybersecurity
University of Science and Technology of China

Experiences

May 2023 ~ Current - DeFi Researcher @ D23E.
Feb 2023 ~ Aug 2023 - Research Intern @ Tsinghua University VUL337 Research Group (Supervised by Prof. Chao Zhang).
July 2022 ~ July 2023 - CTF Team Captain of NEBULA.

Teaching

Teaching Assistant for Prof. Wenliang Du's SEED Lectures (Summer 2022).
Teaching Assistant for Abstract Algebra and Number Theory (Fall 2022), lectured by Prof. Weiming Zhang, USTC.
Teaching Assistant for Mathematical Logic and Graph Theory (Spring 2023), lectured by Prof. Bin Liu, USTC.
Teaching Assistant for Design and Practice of Information Security I (Spring 2022, Spring 2023), USTC.
Teaching Assistant for Design and Practice of Information Security II (Spring 2022, Spring 2023), USTC.

Selected Talks

2023

Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems
Web3 Scholars Conference [Youtube video (Chinese)]
Navigating DeFi Security: From Threat Landscape to Prevention Strategies
Blockchain 2023 Liyi Zhou, Ye Wang, Weilin Li

Some Awards

2023

5th place in XCTF's international CTF competition SCTF.

Second prize of the 17th National College Student Information Security Contest, East-Northeastern Region

2022

Silver Award in International Genetically Engineered Machine Competition.

5th place in Tencent's international CTF competition TCTF/0CTF.

Second Prize in the 6th National "Strong Net Cup" Finals.

Bug Bounties

I have submitted several bug reports for various projects. Below listed some of them that are released to public.

Tokenlon, flaw in token design leads to continous arbitrage opportunities.

Huckleberry Lending, interest-bearing token borrowing leads to drain of the market.

...

Highly Profitable Trading Strategy

This term draws inspiration from Avraham Eisenberg, a self-proclaimed "Applied Game Theorist" who famously netted $115 million by manipulating a token's price. I use it to describe lucrative, low-risk trading opportunities I've successfully identified and leveraged. (To be clear, these are not attacks or exploits.)

October 2024: Radiant Protocol Incident, Following a hack that drained 2/3 of the protocol's Total Value Locked (TVL), I capitalized on the ensuing panic by establishing a strategic short position on the governance token.

January 2024: MIM Depegging Event, I seized the opportunity to purchase MIM at a discount, effectively rebalancing my position on the Abracadabra platform.

March 2023: USDC Depegging Crisis, During this event, I used AAVE to create a DAI (long)/ USDT (short) position. Despite DAI's initial depeg alongside USDC due to the Peg Stability Module (PSM) allowing 1:1 USDC to DAI swaps, I recognized that Maker DAO's substantial reserve fund could potentially cover bad debt and stabilize DAI even if USDC's value plummeted to zero.

May 2022: Luna/UST Death Spiral, I managed to short $LUNA when $UST starts to depeg.

...

Hacking for fun!