Fuchen Ma

Email: fuchenma525@gmail.com
11-308, East-Main Building
School of Software, Tsinghua University
Background: I received my Ph.D in Tsinghua University in 2024, advised by Prof. Jiaguang Sun and Prof. Yu Jiang. I got my Bachelor’s degree in Beijing University of Posts and Telecommunications in 2019. Currently, I’m a postdoctoral researcher (a shuimu scholar) in Tsinghua University. My research focuses on the fuzzing testing of blockchain systems, distributed systems, and protocol implementations.
Research Achievements: I’ve published 20+ papers in top-tier conferences and journals such as CCS, NDSS, USENIX Security, S&P, TSE, and TOSEM. I have detected 50+ vulnerabilities in renowned commercial blockchain systems such as FISCO BCOS, Diem, HyperLedger Fabric and Go-Ethereum, with 14 CVEs assigned by US National Vulnerabilities Database.
Awards: My doctoral dissertation was recognized as an Excellent Doctoral Dissertation by the China Institute of Electronics. I achieved the First Prize of the Beijing Science and Technology Progress Award in 2024 (ranking 4/15). In the same year, I also achieved the China Computer Federation’s(CCF) First Prize for Technical Invention (ranking 3/6). In 2021, I was recognized as the MVP of the year by the FISCO BCOS community and selected as a Tencent Elite Talent. I also received the National Scholarship in 2023 and was named an Outstanding Graduate of Beijing in 2024.
Current Research: Currently, I’m working on two projects: 1) Explore the industry practise for fuzzing on blockchain systems. 2) Effective fuzzing on IoT devices’ protocols (such as protocols for the IP cameras). If you are interested in my research or have any questions, please feel free to contact with me.
news
Apr 08, 2025 | Thrilled to share that I was awarded a grant by the Aptos Foundation. We will integrate our fuzzer into Aptos consensus protocol. ![]() ![]() |
---|---|
Mar 28, 2025 | My doctoral dissertation was recognized as an Excellent Doctoral Dissertation by the China Institute of Electronics. ![]() ![]() |
Feb 27, 2025 | Our paper entitled ‘CMFuzz: Parallel Fuzzing of IoT Protocols by Configuration Model Identification and Scheduling’ got accepted by DAC 2025!!! ![]() ![]() |
Feb 24, 2025 | Our paper entitled ‘Chord: Towards a Unified Detection of Blockchain Transaction Parallelism Bugs’ got accepted by ICSE 2025!!! ![]() ![]() |
Jan 24, 2025 | Our paper entitled ‘Finding Metadata Inconsistencies in Distributed File Systems via Cross-Node Operation Modeling’ got accepted by USENIX Security 2025!!! ![]() ![]() |
selected publications
- USENIX Security ’25Finding Metadata Inconsistencies in Distributed File Systems via Cross-Node Operation ModelingIn 34th USENIX Security Symposium (USENIX Security 25), Aug 2025
- S&P ’24Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient DelayIn 2024 IEEE Symposium on Security and Privacy (SP), Aug 2024
- NDSS ’23LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols.In Proceedings of the 2023 Network and Distributed System Security Symposium, Aug 2023
- CCS ’23Phoenix: Detect and locate resilience issues in blockchain via context-sensitive chaosIn Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Aug 2023
- S&P ’23Tyr: Finding consensus failure bugs in blockchain system with behaviour divergent modelIn 2023 IEEE Symposium on Security and Privacy (SP), Aug 2023
- TOSEM ’23Pied-piper: Revealing the backdoor threats in ethereum erc token contractsACM Transactions on Software Engineering and Methodology, Aug 2023
- TOIT ’23V-Gas: Generating high gas consumption inputs to avoid out-of-gas vulnerabilityACM Transactions on Internet Technology, Aug 2023
- TSE ’21Pluto: Exposing vulnerabilities in inter-contract scenariosIEEE Transactions on Software Engineering, Aug 2021
- ESEC/FSE ’21Making smart contract development more secure and easierIn Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Aug 2021
- IPM ’21Security reinforcement for Ethereum virtual machineInformation Processing & Management, Aug 2021
- SANER ’19EVM*: From offline detection to online reinforcement for Ethereum virtual machineIn 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), Aug 2019
- USENIX Security ’19EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse FuzzersIn 28th USENIX Security Symposium (USENIX Security 19), Aug 2019