Abstract

The emergence of Web3 is reshaping the Fintech landscape by enabling decentralized, trustless value transfer at scale. However, this paradigm shift also introduces new security challenges across multiple layers—from blockchain protocols and smart contract libraries to application-level logic and transaction monitoring. In this talk, I will provide a comprehensive overview of the Web3 security landscape, highlighting empirical studies on system-level blockchain vulnerabilities [FSE'22] and the propagation of bugs in forked chains [NDSS'23]. I will also discuss our latest research on detecting misuse and vulnerabilities in widely adopted smart contract libraries such as OpenZeppelin [USENIX'24 & ASE'25], as well as the role of large language models (LLMs) in enhancing vulnerability reasoning [ICSE'24], automated auditing [ICSE'25], and formal verification [NDSS'25 Distinguished Paper]. Finally, I will outline emerging research directions, including LLM-based transaction analysis and cross-module verification, aimed at achieving a more secure and resilient Web3 ecosystem.