This thesis presents a multi-layer dynamic security framework for protecting DeFi smart contracts against evolving attack vectors that traditional static analysis and security audits fail to detect. The framework addresses the critical challenge that many DeFi exploits succeed not due to source code bugs, but because of flawed assumptions about user behaviors and external dependencies that emerge only during runtime. The proposed system consists of three complementary components: (1) CrossGuard, a pre-deployment control flow integrity enforcement system that only whitelists legitimate function invocation patterns; (2) Trace2Inv, a runtime invariant generation and enforcement tool that learns user behavioral patterns from historical transaction data across 23 invariant templates; and (3) a systematic DeFi risk analysis tool that evaluates compositional risks and dependencies across the entire DeFi ecosystem. The framework leverages the programmable and upgradeable nature of modern smart contracts to progressively tighten security measures as protocols establish stable operational patterns. Initial evaluation targets demonstrate blocking 85% of historical exploits with less than 1% false positive rate and under 20% gas overhead. This approach provides an orthogonal defense layer that complements existing security measures.

Zhiyang is a PhD student at the University of Toronto, supervised by Prof. Fan Long. He is also a Research Engineer at Zircuit, a Layer 2 blockchain project focused on zkRollups with sequencer-level security. Prior to this, he worked at Quantstamp, a leading smart contract auditing company. Before that, he was fortunate to be advised by Prof. Xinyu Wang at the University of Michigan, where he worked on several program synthesis projects.

His current research focuses on detecting poisoning in LLMs, specifically, how malicious code can be generated in response to completely benign and legitimate user queries, as well as on optimizing zkVM performance, smart contract security through static and dynamic analysis, and blockchain scalability.

Broadly, his research interests lie in Programming Languages, Software Engineering, Security, and Distributed Systems.