Shayan Eskandari PhD / Security Geek Based in Toronto 🇨🇦

About

Shayan has completed his PhD at Concordia University, investigating "Uncovering Blockchain Challenges: Technical Nuances and their Unforeseen Consequences" Beyond academia, he is the co-founder and security auditor at Creed. In the past, he was leading as the Head of Security at Puffer Finance and formerly guided Ether Capital as its Chief Technology Officer. His tenure at ConsenSys Diligence as a security engineer and smart contract auditor showcases his deep involvement in blockchain's technical frontiers. With years dedicated to network and information systems security, Shayan's expertise spans blockchain engineering in startups to contributions in open source projects. Since 2012, his work has embraced blockchain technology from a multifaceted viewpoint, producing scholarly work on its psychological aspects to the technicalities of smart contract vulnerabilities.


Publications

Uncovering Blockchain Challenges: Technical Nuances and their Unforeseen Consequences

PhD thesis, Concordia University - 2024

Paper  

SoK: Oracles from the Ground Truth to Market Manipulation

ACM Advances in Financial Technologies - 2021

Paper   Video  

Systemizing the Challenges of Auditing Blockchain-Based Assets

Journal of Information Systems ISYS-19-007 - 2020

Paper  

The Middleman is Dead, Long Live the Middleman: The “trust factor” and the psycho-social implications of blockchain

Frontiers in Blockchain Journal - Human-Centric Constituents in Times of Decentralization - 2019

Paper  

Resolving the Multiple Withdrawal Attack on ERC20 Tokens

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B 2019) - 2019

Paper  

SoK: Transparent Dishonesty: front-running attacks on Blockchain.

FC 2019 Financial Cryptography and Data Security, St. Kitts - 2019

GitHub   Paper   Slides   Video  

Press: ConsenSys Diligence  

A first look at browser-based Cryptojacking

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) 2018 University College London (UCL), London, UK - 2018

GitHub   Paper   Slides  

Press: Schneier on Security   Cointelegraph   Motherboard Vice   Cointelegraph   Cryptoinsider   Randed   Bleepingcomputer  

On the feasibility of decentralized derivatives markets

FC 2017 Financial Cryptography and Data Security, Malta - 2017

GitHub   Paper  

Press: Coindesk   Bitaccess   bitcoin.com  

Buy your coffee with bitcoin: Real-world deployment of a bitcoin point of sale terminal

Advanced and Trusted Computing (ATC), 2016 Intl IEEE Conferences, Toulouse, France. -

GitHub   Paper  

Press: Cafe Aunja   Cointelegraph  

Real-world Deployability and Usability of Bitcoin

Thesis (M.A. Sc.) - Concordia University, 2015 -

Paper  

A first look at the usability of bitcoin key management

USEC 15 NDSS Workshop on Usable Security (USEC) 2015, San Diego, CA, USA, February 8, 2015, Internet Society -

Paper  

Press: The Morning Paper   VentureSkies   Standford, Bitcoin and Cryptocurrency Technologies Syllabus   Hackernoon   Blocks and Chains (Book)   ACM Queue Research for Practice   King Abdullah University, Blockchain Systems and Cryptocurrencies Syllabus  

Monitoring system calls for anomaly detection in modern operating systems

Software Reliability Engineering Workshops (ISSREW), 2013 IEEE International Symposium -

GitHub   Paper  


Previous Projects

Legions - Ethereum/EVM Node Security Toolkit

Legions is a handy toolkit for (security) researchers poking around EVM (Ethereum Virtual Machine) nodes and smart contracts, now with a slick command-line interface, with auto complete commands and history.

GitHub Homepage

Catena Blockchain Suite

The Catena Blockchain Suite is an industry first product to quickly enable publishing of complex datasets onto public or private blockchains. Utilising smart contracts and hardware security modules, Catena enables a new level of data consistency and integrity. Government of Canada, piloted by National Research Council (NRC) is using the Catena Blockchain Suite on the Ethereum blockchain, to publish funding and grant information in real time.

GitHub Homepage
Press: National Research Council Canada   GlobalNews   Newswire   ETHNews   TrustNodes  

LibSubmarine - Defeat Front-Running on Ethereum

LibSubmarine is an open-source smart contract library that makes it easy to protect your contract against front-runners by temporarily hiding transactions on-chain.

GitHub Homepage
Press: Ethereum Foundation - DevCon4   Hackernoon   Ethereum Foundation - DevCon4  

Bitaccess Enterprise Wallet

Bitaccess offers Bitcoin ATM and online software solutions to purchase and sell Bitcoin and Ethereum. I joined Bitaccess in 2015 to redesign and develop a new enterprise cloud wallet for better scalability of the BTM network and easier integration of the wallets in the software solutions.

GitHub Homepage
Press: Enterprise Wallet   TechCrunch   Bitcoin.com   CoinDesk  

Velocity Technology

Velocity is a decentralized options platform that allows users to enter into a collar option using a smart contract on the ethereum blockchain. Velocity platform includes smart contracts responsible for the trades and, PriceGeth, an oracle to publish price pairs on Ethereum blockchain at every blocktime.

GitHub
Press: Steemit   ETHNews   IBSIntelligence   siliconANGLE   BlockTribune  

Keystamp, An open-source Proof-of-Compliance standard on the blockchain

Ontario Securities Commission Hackathon 1st Prize Winner. Integrating applied cryptography and blockchain technologies in existing corporate processes and commercial relationships, such as compliance policy implementation and audit.

GitHub Homepage
Press: Betakit   TimelyDisclosure   Ontario Securities Commission   Keystamp Pitch in RegHackTo  

Shir Ya Khat

Farsi (Persian) educational podcast on Blockchain technologies and cryptocurrencies

Homepage
Press: CoinIran  


Lectures and Panels

Oracle Extractable Value: Unlocking New Revenue Models

Blockchain Oracle Summit - 2024

Panel Moderator: Oracle Extractable Value (OEV): Unlocking New Revenue Models and Sustainability for Oracles & Dapps. Discussing Oracle Extractable Value (OEV) and its role in the broader narrative of Maximal Extractable Value (MEV), Panelists: Hart Lambur (UMA), Tesa Ho (Flashbots), Ugur Mersinlioglu (API3), Ariah Klages-Mundt (Gyroscope)

Website   Video  

IranUnchained -- NGO meets DAO

ETHPrague - 2023

Woman, Life, Freedom. A cultural revolution is underway in Iran. We look at how Ethereum and web3 tools can help (and are already helping) Iranians fighting for freedom against censorship, surveillance, and oppression. We will also discuss how sanctions over-compliance prevents legal aid from reaching Iran and present our newly formed IranUnchained NGO (built on Moloch v3) as a potential solution.

Website   Video  

In real Life: Web3 and Sanctions

Autonomous Ecologies - 2023

When we discuss Web3 and public goods, we don't consider geographical borders or language as a pressing issue, however, IRL many of the activists in the community have been banned from using what we take for granted as public good or protocols in web3, just because of the country they were born in or the language they speak. We want to shed some light on these incidents and raise awareness.

Website   Video  

Don't Trust, Verify What's At Stake

EthDenver - 2023

Transparency has never been more important to those of us who have been in the space for a while and others who are just getting started. As the first public company to stake a large sum of ether (36,000 ETH), we learned firsthand about the lack of sufficient data pipelines that made it difficult to meet certain auditing requirements. That's when we decided to build our staking dashboard — a custom solution that allows us to track our staking rewards, gives us direct insight into our validators performance and aggregates data into one easy-to-use platform saving us both time and money.

Website   Video  

Terminologies and Regulations in Web3

Researching Web3 Workshop - 2022

Shayan Eskandari of Ether Capital and Concordia University defines relevant terms and discusses regulatory effects on web3 at the 2022 Researching Web3 Workshop, sponsored by Smart Contract Research Forum. Shayan chats about cold storage as an example of how ambiguous definitions can have tangible regulatory impacts on blockchain technologies.

Website   Video  

Oracles from the Ground Truth to Market Manipulation

Liquidity2020 - 2020

Website   Video  

Expert panel: Emerging Challenges and Opportunities in FinTech

Association of Certified Fraud Examiners (ACFE) Montreal Chapter - 2020

Website  

How Bitcoin Moves Value In & Out Of Closed Economies

DeFi Discussions - Dystopia Labs - 2020

Website   Video  

Blockchain Through Philosophy

Shir Ya Khat Podcast - 2020

The latest episode of Shir Ya Khat looks at the Blockchain technology with a radical philosophical narrative and discuss the changes it can bring in the way we exist in the coming years.

Website   Video  

Transparent Dishonesty: Blockchain Front-Running Taxonomy

Stanford Blockchain Conference, Palo Alto, USA - 2020

Website   Video  

Breaking Smart Contracts

DevCon V, Osaka, Japan - 2019

Website   Video  

Transparent Dishonesty: Blockchain Front-Running Taxonomy

DevCon V, Osaka, Japan - 2019

Website   Video  

Security By Design and Smart Contract Audits

Blockchain Training Conference, Denver, USA - 2019

This session will cover why smart contracts are the new paradigm of software development. The idea of a serverless application running in a public ledger with open interface is new to most developers and hence common practices in traditional programming could easily result in security vulnerabilities in decentralized applications. The second half of the session will focus on smart contract code auditing and hands on code review on real smart contracts.

Website   Slides   Video  

Smashing Smart Contracts: Detecting and Exploiting Vulnerabilities in EVM bytecode

Blockchain Village @ DEFCON 27, Las Vegas, USA - 2019

Hacking & exploitation Solidity/EVM smart contracts, and practicing them on CaptureTheEther and OpenZeppelin Ethernaut challanges.

Website   GitHub  

Democratic Improvement Proposals for decentralization projects

IETF 105 Montreal - 2019

Blockchain and DLT based systems are waiting in the wings to join the potpourri of core technology that makes up our future digital lives. Both core internet infrastructure technology and many DLT solutions have one thing in common: They are developed with a diverse open source developer community and carry significant security risk. To manage software change related risks both Bitcoin and Ethereum have derived their own process of managing change proposals. For Ethereum changes are discussed and agreed upon in the Ethereum Improvement Proposal (EIP) process. However given the non-hierarchy management model, there have been many approaches and obstacles to make this process as close to a democratic procedure as possible. It is working, but far from perfect and there are many good approaches and lessons learnt. EIP requires input from experts at IETF to shape up and standardize.

Website   Slides   Video  

Breaking Smart Contracts

NorthSec, Montreal, Canada - 2019

Some of the most financially devastating hacks in recent years have happened on the blockchain. This Ethereum focused workshop, will teach you the fundamentals of writing and breaking smart contracts.

Website  

The Thing from the Future: A Reverse Archeology Game

Consensus, New York, USA - 2019

The Thing From The Future is an award-winning imagination game that challenges players to collaboratively and competitively describe objects from a range of alternative futures. Participate in this Reverse Archeology game.

Website  

Social Innovation: International Development and Blockchain

McGill University, Montreal, Canada - 2019

Panel: Blockchain technology has shaken the Financial and Technological worlds with its unprecedented ability to decentralize governance, provide secure data storage and allow Participants to interact in a fresh way over the internet.

Website  

SoK: Transparent Dishonesty: front-running attacks on Blockchain.

Financial Cryptography, St. Kitts - 2019

3rd Workshop of Trusted Smart contract - FC 2019 Financial Cryptography and Data Security - Paper Presentation

Website   Slides  

Blockchain Myopia, A thing from the Future

DevCon4, Prague, Czech Republic - 2018

An experimental session that involved an award-winning imagination game called 'The thing from the Future' that challenges players to collaboratively and competitively describe objects from a range of alternative futures. We discussed topics that range from the technological utopian visions conceptualized by the flag bearers of Blockchain/Unicorn-land to the technological dystopian hypotheticals of unstoppable dark markets.

Website  

Cryptojacking, victimless crime or a new online economy?

Blockchain Technology Symposium - from Hype to Reality, UofT, Canada - 2018

Cryptojacking is the invisible use of one’s resources to mine cryptocurrency for someone else’s profit. Even though these attacks rose by 8500 percent in the final quarter of 2017, it seems that this phenomena is neither well-studied or well-known. In the follow up of the published paper, we invite the community from crypto-communities to ethicists to start the conversation on the policies and regulation for this new online monetization architecture.

Website   Video  

Cocktail Blockchain

Blockhouse, Montreal, Canada. - 2018

Panel organized by National Bank of Canada, Catallaxy and Ivado.
Discussion regarding the use of blockchain now and in the future in the real world and how organizations such as banks can use Blockchain technology and smart contracts to facilitate trust and security within their infrastructure.

Website  

SecRev - The Security Revolution from Montreal

Montreal, Canada. - 2018

The Cybersecurity Revolution is an event conceived to openly encourage sharing and interaction among the wider cybersecurity research community. It is an event focused around research, education, science and learning and not the furthering of commercial interests. On this talk I presented my work on the first look at browser-based Cryptojacking.

Website   Paper   Slides   Video  

2nd Annual Blockchain Bootcamp

Blockhouse (Catallaxy), Montreal, Canada. - 2018

This blockchain bootcamp is an introductory level workshop that will teach the attendees the main building blocks of blockchain, with hands on experience with timestamping and associated use cases.

Website  

A first look at browser-based Cryptojacking

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) 2018 University College London (UCL), London, UK - 2018

Security & Privacy on the Blockchain (affiliated with Euro S&P) - Paper Presentation

GitHub   Paper   Slides  

Blockchain Fundamentals

Concordia University, Montreal, Canada - 2018

Covering all of the basic fundamentals of blockchain and societal impact of this innovative technology.

Website   Slides  

WTH is Bitcoin?

Technologies, World and Societies Class, School of Sociological and Anthropological Studies, University of Ottawa, Canada - 2018

A through historical view of where Bitcoin and Blockchain technology came from and how it evolved to be what we know now.

Slides  

Bootstrap Ethereum Development

ETHWaterloo, Waterloo, Canada - 2017

A walkthrough on Ethereum development stack, describing how EVM and Full nodes function, Requirements for interprise high scale setup and how to deploy smart contracts on Ethereum hacker-style and fast

Website   Slides  

On the feasibility of decentralized derivatives markets

Financial Cryptography 17, Malta - 2017

1st Workshop on Trusted Smart Contracts In Association with Financial Cryptography 2017 - Paper presentation

Website   Slides  

Buy your coffee with bitcoin, Real-world deployment of a bitcoin point of sale terminal

Advanced and Trusted Computing 15, Toulouse, France - 2016

Advanced and Trusted Computing (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), 2016 Intl IEEE Conferences - Paper presentation

Website   Slides  

A first look at the usability of bitcoin key management

Network and Distributed System Security (NDSS), San Diego, United States - 2015

USEC 15 NDSS Workshop on Usable Security (USEC) - Paper presentation and discussion

Website   Slides  

Introduction to Bitcoin

Shahid Beheshti University, Tehran, Iran - 2015

The first workshop on Bitcoin and Blockchain technology in Iran. This workshop organized by SBU Computer Science Scientific Association was designed to introduce and discuss research possibilities regarding Blockchain technology for graduate students and other interested parties.

Video  


Skills

Work

2023 - Co-founder & Security Auditor @ Creed
2023 - 2024 Head of Security @ Puffer Finance
2021 - 2023 Chief Technology Officer @ Ether Capital
2018 - 2021 Security Engineer & Auditor @ ConsenSys Diligence
2015 - 2018 Blockchain Engineer @ Bitaccess
2008 - 2012 Co-founder, CTO @ i-Phone.ir

Nonprofit

2023 - Co-founder @ IranUnchained DAO/NGO
2021 - Co-founder / Instructor @ CoinIran Academy
2014 - Founder @ Shir Ya Khat

CVE

2018 CVE-2018-1000023 NIST NVD