Minfeng Qi

Qin Wang, Minfeng Qi, Guangsheng Yu et al.

Non-fungible tokens (NFTs) on Ethereum currently follow a binary mobility paradigm: ERC-721 enables unrestricted transfers, whereas SBTs (ERC-5192) prohibit transfers entirely. We identify a design gap in which no standard mechanism supports bounded transferability, where ownership mobility is allowed but limited to a finite number of programmable transfers. We study counted NFT transfers and introduce ERC-7634 as a minimal realization compatible with ERC-721. The design augments each token with a transfer counter and configurable cap L, allowing ownership to evolve under a finite transfer budget. ERC-7634 defines a minimal extension interface with three lightweight functions (transferCountOf, setTransferLimit, and transferLimitOf), two events, and native-transfer hooks, requiring fewer than 60 additional lines of Solidity while preserving full backward compatibility with existing NFT infrastructure. We analyze behavioral and economic consequences of counted transfers. Our results reveal (i) a mobility premium induced by remaining transfer capacity, (ii) a protocol-level costing signal that can deter wash trading in cap-aware markets through irreversible budget consumption, (iii) bounded recursive collateralization enabled by limited ownership turnover, and (iv) associated security and gas-cost implications, including wrapper-bypass trade-offs. Evaluation on calibrated simulations shows that moderate limits (e.g., L = 10) affect fewer than 15% of tokens under representative transfer distributions, while repeated manipulation becomes unprofitable after a few cycles in a cap-aware pricing model; the additional gas overhead remains below 11% per transfer. We further position ERC-7634 within the NFT mobility design space, derive practical cap-selection guidelines, and discuss post-cap ownership outcomes including soulbound conversion, auto-burn, and provenance freeze.

Minfeng Qi, Tianqing Zhu, Zijie Xu et al.

Automated intrusion-style workflows require LLM agents to reason over partial observations, tool outputs, and executable artifacts under bounded budgets. A single LLM instance often compresses evidence extraction, planning, execution, and validation into one context, which increases the risk of context drift and error propagation. Existing LLM-based multi-agent systems support general collaboration, but they do not explicitly model the role boundaries, artifact provenance, and cost constraints that characterize multi-stage intrusion workflows. This paper presents CAESAR, a coordinated multi-agent framework for controlled analysis of LLM-agent behavior in intrusion-style tasks. CAESAR decomposes the workflow into five typed roles and coordinates them through a bounded round protocol with a persistent knowledge base, a per-round workspace, validator-gated knowledge promotion, and capability-token write isolation. We evaluate CAESAR on 25 CTF tasks across five categories and four LLM backends. Compared with a single-agent baseline under matched budgets and tool access, CAESAR improves task success and reduces performance variance, with larger gains on tasks requiring multi-step exploit composition. A secondary simulated interactional-security study suggests that the role structure can transfer beyond code-native surfaces. The results indicate that role transitions, artifact provenance, and knowledge-promotion events provide useful structural signals for monitoring coordinated LLM-agent behavior beyond individual prompt and output inspection. The dataset, implementation, and evaluation logs are released at https://github.com/Xu-Qiu/CMAS.

Xihan Xiong, Minfeng Qi, Shiping Chen et al.

Ethereum Inscriptions (Ethscriptions) repurpose Ethereum calldata into a persistent inscription channel by embedding \texttt{data:}~URI payloads. These transactions typically target externally owned accounts, allowing the payload to bypass EVM execution while remaining permanently replicated across full nodes. Although calldata was originally designed for compact smart-contract parameters, this repurposing enables structured data embedding with long-term storage consequences. We present the first large-scale empirical study of Ethscriptions, treating them as a distinct \emph{calldata-resident workload} rather than merely a subset of general calldata usage. Our analysis focuses on the \textit{Ethscription} operational subset, which consists of payloads that decode to JSON and conform to a token-operation grammar (e.g., \texttt{p}, \texttt{op}, \texttt{tick}, \texttt{amt}). From $6.27$ million Ethscription candidates (\Uone), we extract $4.75$ million Ethscription operations (\Utwo, $75.8\%$ of \Uone). This result shows that structured token-like activity dominates the ecosystem. Our measurements further reveal (i) a complete workload lifecycle compressed into nine months (bootstrap, expansion, saturation), (ii) proliferation of $30$+ competing protocols without convergence toward a dominant standard, (iii) a lifecycle funnel exhibiting $201\times$ deploy-to-mint amplification and a $57.6{:}1$ mint-to-transfer collapse indicative of speculative minting, (iv) extreme participation inequality (Gini~$0.86$), and (v) a measurable permanent data footprint imposed on the Ethereum network.

Yizhe Xie, Congcong Zhu, Xinyue Zhang et al.

Large Language Model-based Multi-Agent Systems (LLM-MAS) are increasingly applied to complex collaborative scenarios. However, their collaborative mechanisms may cause minor inaccuracies to gradually solidify into system-level false consensus through iteration. Such risks are difficult to trace since errors can propagate and amplify through message dependencies. Existing protections often rely on single-agent validation or require modifications to the collaboration architecture, which can weaken effective information flow and may not align with natural collaboration processes in real tasks. To address this, we propose a propagation dynamics model tailored for LLM-MAS that abstracts collaboration as a directed dependency graph and provides an early-stage risk criterion to characterize amplification risk. Through experiments on six mainstream frameworks, we identify three vulnerability classes: cascade amplification, topological sensitivity, and consensus inertia. We further instantiate an attack where injecting just a single atomic error seed leads to widespread failure. In response, we introduce a genealogy-graph-based governance layer, implemented as a message-layer plugin, that suppresses both endogenous and exogenous error amplification without altering the collaboration architecture. Experiments show that this approach raises the defense success rate from a baseline of 0.32 to over 0.89 and significantly mitigates the cascading spread of minor errors.

Minfeng Qi, Lin Zhong, Qin Wang

Blockchain assets are increasingly controlled by organizations rather than individuals. DAO treasuries, consortium wallets, and custodial exchanges rely on threshold authorization and multi-party key management, yet existing payment mechanisms still target single-user wallets, leaving no unified solution for organizational transfers. We formalize the problem of \emph{DAO-to-(anonymous)-DAO} transactions and present \textsc{Dao$^2$}, a framework that enables one threshold-controlled organization to pay another, optionally with recipient anonymity, while keeping received funds under distributed control. \textsc{Dao$^2$} combines three components: \emph{distributed key derivation} (DKD) for non-stealth child addresses, \emph{distributed stealth-address generation} (DSAG) for unlinkable one-time destinations, and \emph{threshold signatures} for authorization. For ordinary transfers, the receiver derives a non-stealth address via DKD; for anonymous transfers, it derives a stealth address via DSAG. The sender then threshold-signs the payment, and the receiver redeems the funds without reconstructing any master secret. We formally prove its security and evaluate a prototype. A complete anonymous DAO-to-DAO transaction for a typical-sized (e.g., 7-member) DAO finishes in under 27\,ms with less than 1.2\,KB of communication, and scales linearly with DAO size.

Minfeng Qi, Zhongmin Cao, Qin Wang et al.

Preprint repositories become central infrastructures for scholarly communication. Their expansion transforms how research is circulated and evaluated before journal publication. Generative large language models (LLMs) introduce a further potential disruption by altering how manuscripts are written. While speculation abounds, systematic evidence of whether and how LLMs reshape scientific publishing remains limited. This paper addresses the gap through a large-scale analysis of more than 2.1 million preprints spanning 2016--2025 (115 months) across four major repositories (i.e., arXiv, bioRxiv, medRxiv, SocArXiv). We introduce a multi-level analytical framework that integrates interrupted time-series models, collaboration and productivity metrics, linguistic profiling, and topic modeling to assess changes in volume, authorship, style, and disciplinary orientation. Our findings reveal that LLMs have accelerated submission and revision cycles, modestly increased linguistic complexity, and disproportionately expanded AI-related topics, while computationally intensive fields benefit more than others. These results show that LLMs act less as universal disruptors than as selective catalysts, amplifying existing strengths and widening disciplinary divides. By documenting these dynamics, the paper provides the first empirical foundation for evaluating the influence of generative AI on academic publishing and highlights the need for governance frameworks that preserve trust, fairness, and accountability in an AI-enabled research ecosystem.

Jiabao Shi, Minfeng Qi, Lefeng Zhang et al.

Multimodal text-to-image generation remains constrained by the difficulty of maintaining semantic alignment and professional-level detail across diverse visual domains. We propose a multi-agent reinforcement learning framework that coordinates domain-specialized agents (e.g., focused on architecture, portraiture, and landscape imagery) within two coupled subsystems: a text enhancement module and an image generation module, each augmented with multimodal integration components. Agents are trained using Proximal Policy Optimization (PPO) under a composite reward function that balances semantic similarity, linguistic visual quality, and content diversity. Cross-modal alignment is enforced through contrastive learning, bidirectional attention, and iterative feedback between text and image. Across six experimental settings, our system significantly enriches generated content (word count increased by 1614%) while reducing ROUGE-1 scores by 69.7%. Among fusion methods, Transformer-based strategies achieve the highest composite score (0.521), despite occasional stability issues. Multimodal ensembles yield moderate consistency (ranging from 0.444 to 0.481), reflecting the persistent challenges of cross-modal semantic grounding. These findings underscore the promise of collaborative, specialization-driven architectures for advancing reliable multimodal generative systems.