About Me

I’m Tianyi Li, a blockchain security engineer at CertiK.

Previous to that, I was a senior security engineer at Antgroup, designed and implemented high performance MPC computation system.

I received my Bachelor and Master degree at Wangxuan Institute of Computer Technology (WICT) of Peking University (PKU). My research includes browser fingerprinting and it’s detection techniques. I also worked on web security, privacy enhancing technologies and program (JavaScript and linux binary) analysis. I was a member of CTF team r3kapig (ID: n0b0dy), and I mainly focus on web challenges.

I’m interested in music. I have participated in the rehearsal of the PKU EECS chorus competition for 7 years (link), and I sing as Base in the choir. I’m also interested in Chinese opera.

Contact

• Email: contact [AT] litianyi.site
• Github: https://github.com/n0b0dyCN

Work Experience

• 2023.5 - present, Blockchain Security Engineer @ CertiK
  • Layer 1 blockchain fuzzing (Massa, Cosmos).
  • EVM emulation toolkit development focusing on speed and extensibility.
  • Building a transaction emulation & monitoring tool upon the toolkit supporting EVM compatable chain with high performance (10-50ms/tx).
  • Building a no-code testing tool for smart contract upon the toolkit, write rules for EIP standard (ERC20, ERC721, ERC4626, etc.) and attack patterns (e.g., Inflation attack), support testing against source code and on-chain contracts.
  • Build web user interface for the tools.
  • Tech Stack: Rust, Solidity, Golang
• 2021.7 - 2023.5, Senior Security Engineer @ Antgroup
  • Develop distributed and fast MPC engine (TECC) from scratch
  • Design & implement distributed data analysis framework from scratch
  • Tech Stack: Rust, PURE C, Python, Intel SGX with Occlum, a little bit Java
  • Patents involved (first author): CN114726514A, CN114692060A
  • Patents involved (other): CN114726512A, CN114726511A, CN114726580A, CN114003962A, CN113992439A, CN113987554A
  • Public available resources: TECC white paper, TECC in WAIC 2022

Education

• 2018 - 2021, Peking University (PKU)
  • Wangxuan Institute of Computer Technology (WICT)
  • Master of Science in Computer Application Technology
• 2014 - 2018, Peking University (PKU)
  • School of Electronics Engineering and Computer Science (EECS)
  • Bachelor of Science in Computer Science and Technology

Research Interest

• Web Security & Privacy (Vulnerabilities, User Tracking, Web/Internet Measurement)
• Dynamic and Static Program Analysis (JavaScript, Binary)
• Trusted Execution Environment (Intel SGX)

Projects

1. gbdt-rs: A fast and secure GBDT library, supporting TEEs such as Intel SGX and ARM TrustZone
2. Redis Rogue Server: Redis <= 5.0.5 RCE exploit

Publications

[Google Scholar]

1. FPFlow: Detect and Prevent Browser Fingerprinting with Dynamic Taint Analysis
   Tianyi Li, Xiaofeng Zheng, Kaiwen Shen, Xinhui Han
   [S&P POSTER] Security & Privacy IEEE, 2021
   [CCSAC] China Cyber Security Annual Conference, 2021
   [Patent] 基于V8引擎的JavaScript动态污点跟踪方法及电子装置 [CN112199274A]
   poster abstract, paper
2. From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
   Yixiong Wu, Jianwei Zhuge, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu and Jianju Hu
   [ICISSP] International Conference on Information Systems Security and Privacy, 2021
   pdf
3. Poster: gbdt-rs: Fast and Trustworthy Gradient Boosting Decision Tree
   Tianyi Li, Tongxin Li, Yu Ding, Yulong Zhang, Tao Wei, Xinhui Han
   [S&P POSTER] Security & Privacy IEEE, 2019
   pdf, code
4. POSTER: PT-DBG: Automatically anti-debugging bypassing based on Intel Processor Trace
   Guancheng Li, Yongheng Chen, Tianyi Li, Tongxin Li, Xinfeng Wu, Chao Zhang, Xinhui Han
   [S&P POSTER] Security & Privacy IEEE, 2018
   pdf

Patents

1. Dynamic JavaScript taint analysis: CN112199274A
2. Multiparty computation algorithms: CN114726514A, CN114692060A
3. Multiparty computation system design: CN114726512A, CN114726511A, CN114726580A, CN114003962A, CN113992439A, CN113987554A

Selected CTF Awards

• DEFCON 28 CTF Final , 2020 14th place
• DEFCON 27 CTF Final , 2019 10th place
• 0CTF/TCTF 2019 Final, 1st place
• BCTF 2018, 1st place
• XCTF 2018 Final - HITB Beijing, 1st place
• DEFCON 26 CTF Final, 18th place