Shayan Eskandari Senior Blockchain Engineer / PhD Student Full on Blockchain enthusiast, Security in essence. Based in Montreal, QC.

About

Shayan is currently completing his doctoral studies in Information Systems Engineering at Concordia University. He has worked in network and information systems security for several years and has extensive experience as a blockchain engineer in startups as well as contributing to open source projects. He is currently dedicating both his intellectual and professional pursuits towards Blockchain technology. Looking at the technology from an interdisciplinary perspective, Shayan has been working on multiple academic papers varying from exploring the psychology of Blockchain to decentral exchanges.

Publications

Systemizing the Challenges of Auditing Blockchain-Based Assets

[Submitted]

Paper  

The Middleman is Dead, Long Live the Middleman: The “trust factor” and the psycho-social implications of blockchains

[Under Review]



Resolving the Multiple Withdrawal Attack on ERC20 Tokens

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B 2019)

Paper  

SoK: Transparent Dishonesty: front-running attacks on Blockchain.

FC 2019 Financial Cryptography and Data Security, St. Kitts

GitHub   Paper   Slides  

Press: ConsenSys Diligence  

A first look at browser-based Cryptojacking

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) 2018 University College London (UCL), London, UK

GitHub   Paper   Slides  

Press: Schneier on Security   Cointelegraph   Motherboard Vice   Cointelegraph   Cryptoinsider   Randed   Bleepingcomputer  

On the feasibility of decentralized derivatives markets

FC 2017 Financial Cryptography and Data Security, Malta

GitHub   Paper  

Press: Coindesk   Bitaccess   bitcoin.com  

Buy your coffee with bitcoin: Real-world deployment of a bitcoin point of sale terminal

Advanced and Trusted Computing (ATC), 2016 Intl IEEE Conferences, Toulouse, France.

GitHub   Paper  

Press: Cafe Aunja   Cointelegraph  

Real-world Deployability and Usability of Bitcoin

Thesis (M.A. Sc.) - Concordia University, 2015

Paper  

A first look at the usability of bitcoin key management

USEC 15 NDSS Workshop on Usable Security (USEC) 2015, San Diego, CA, USA, February 8, 2015, Internet Society

Paper  

Press: The Morning Paper   VentureSkies   Standford, Bitcoin and Cryptocurrency Technologies Syllabus   Hackernoon   Blocks and Chains (Book)   ACM Queue Research for Practice   King Abdullah University, Blockchain Systems and Cryptocurrencies Syllabus  

Monitoring system calls for anomaly detection in modern operating systems

Software Reliability Engineering Workshops (ISSREW), 2013 IEEE International Symposium

GitHub   Paper  


Projects

Catena Blockchain Suite

The Catena Blockchain Suite is an industry first product to quickly enable publishing of complex datasets onto public or private blockchains. Utilising smart contracts and hardware security modules, Catena enables a new level of data consistency and integrity. Government of Canada, piloted by National Research Council (NRC) is using the Catena Blockchain Suite on the Ethereum blockchain, to publish funding and grant information in real time.

GitHub Homepage
Press: National Research Council Canada   GlobalNews   Newswire   ETHNews   TrustNodes  

LibSubmarine - Defeat Front-Running on Ethereum

LibSubmarine is an open-source smart contract library that makes it easy to protect your contract against front-runners by temporarily hiding transactions on-chain.

GitHub Homepage
Press: Ethereum Foundation - DevCon4   Hackernoon   Ethereum Foundation - DevCon4  

Bitaccess Enterprise Wallet

Bitaccess offers Bitcoin ATM and online software solutions to purchase and sell Bitcoin and Ethereum. I joined Bitaccess in 2015 to redesign and develop a new enterprise cloud wallet for better scalability of the BTM network and easier integration of the wallets in the software solutions.

GitHub Homepage
Press: Enterprise Wallet   TechCrunch   Bitcoin.com   CoinDesk  

Velocity Technology

Velocity is a decentralized options platform that allows users to enter into a collar option using a smart contract on the ethereum blockchain. Velocity platform includes smart contracts responsible for the trades and, PriceGeth, an oracle to publish price pairs on Ethereum blockchain at every blocktime.

GitHub
Press: Steemit   ETHNews   IBSIntelligence   siliconANGLE   BlockTribune  

Keystamp, An open-source Proof-of-Compliance standard on the blockchain

Ontario Securities Commission Hackathon 1st Prize Winner. Integrating applied cryptography and blockchain technologies in existing corporate processes and commercial relationships, such as compliance policy implementation and audit.

GitHub Homepage
Press: Betakit   TimelyDisclosure   Ontario Securities Commission   Keystamp Pitch in RegHackTo  

Shir Ya Khat

Farsi (Persian) educational podcast on Blockchain technologies and cryptocurrencies

Homepage
Press: CoinIran  


Lectures and Panels

Security By Design and Smart Contract Audits

Blockchain Training Conference - 2019

This session will cover why smart contracts are the new paradigm of software development. The idea of a serverless application running in a public ledger with open interface is new to most developers and hence common practices in traditional programming could easily result in security vulnerabilities in decentralized applications. The second half of the session will focus on smart contract code auditing and hands on code review on real smart contracts.

Website   Slides  

Smashing Smart Contracts: Detecting and Exploiting Vulnerabilities in EVM bytecode

Blockchain Village @ DEFCON 27 - 2019

Hacking & exploitation Solidity/EVM smart contracts, and practicing them on CaptureTheEther and OpenZeppelin Ethernaut challanges.

Website   GitHub  

Democratic Improvement Proposals for decentralization projects

IETF 105 Montreal - 2019

Blockchain and DLT based systems are waiting in the wings to join the potpourri of core technology that makes up our future digital lives. Both core internet infrastructure technology and many DLT solutions have one thing in common: They are developed with a diverse open source developer community and carry significant security risk. To manage software change related risks both Bitcoin and Ethereum have derived their own process of managing change proposals. For Ethereum changes are discussed and agreed upon in the Ethereum Improvement Proposal (EIP) process. However given the non-hierarchy management model, there have been many approaches and obstacles to make this process as close to a democratic procedure as possible. It is working, but far from perfect and there are many good approaches and lessons learnt. EIP requires input from experts at IETF to shape up and standardize.

Website   Slides   Video  

Breaking Smart Contracts

NorthSec, Montreal - 2019

Some of the most financially devastating hacks in recent years have happened on the blockchain. This Ethereum focused workshop, will teach you the fundamentals of writing and breaking smart contracts.

Website  

The Thing from the Future: A Reverse Archeology Game

Consensus, New York - 2019

The Thing From The Future is an award-winning imagination game that challenges players to collaboratively and competitively describe objects from a range of alternative futures. Participate in this Reverse Archeology game.

Website  

Social Innovation: International Development and Blockchain

McGill University, Montreal - 2019

Panel: Blockchain technology has shaken the Financial and Technological worlds with its unprecedented ability to decentralize governance, provide secure data storage and allow Participants to interact in a fresh way over the internet.

Website  

SoK: Transparent Dishonesty: front-running attacks on Blockchain.

Financial Cryptography, St. Kitts - 2019

3rd Workshop of Trusted Smart contract - FC 2019 Financial Cryptography and Data Security - Paper Presentation

Website   Slides  

Blockchain Myopia, A thing from the Future

DevCon4, Prague, Czech Republic - 2018

An experimental session that involved an award-winning imagination game called 'The thing from the Future' that challenges players to collaboratively and competitively describe objects from a range of alternative futures. We discussed topics that range from the technological utopian visions conceptualized by the flag bearers of Blockchain/Unicorn-land to the technological dystopian hypotheticals of unstoppable dark markets.

Website  

Cryptojacking, victimless crime or a new online economy?

Blockchain Technology Symposium - from Hype to Reality, UofT, Canada - 2018

Cryptojacking is the invisible use of one’s resources to mine cryptocurrency for someone else’s profit. Even though these attacks rose by 8500 percent in the final quarter of 2017, it seems that this phenomena is neither well-studied or well-known. In the follow up of the published paper, we invite the community from crypto-communities to ethicists to start the conversation on the policies and regulation for this new online monetization architecture.

Website   Video  

Cocktail Blockchain

Blockhouse, Montreal, Canada. - 2018

Panel organized by National Bank of Canada, Catallaxy and Ivado.
Discussion regarding the use of blockchain now and in the future in the real world and how organizations such as banks can use Blockchain technology and smart contracts to facilitate trust and security within their infrastructure.

Website  

SecRev - The Security Revolution from Montreal

Montreal, Canada. - 2018

The Cybersecurity Revolution is an event conceived to openly encourage sharing and interaction among the wider cybersecurity research community. It is an event focused around research, education, science and learning and not the furthering of commercial interests. On this talk I presented my work on the first look at browser-based Cryptojacking.

Website   Paper   Slides   Video  

2nd Annual Blockchain Bootcamp

Blockhouse (Catallaxy), Montreal, Canada. - 2018

This blockchain bootcamp is an introductory level workshop that will teach the attendees the main building blocks of blockchain, with hands on experience with timestamping and associated use cases.

Website  

A first look at browser-based Cryptojacking

IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) 2018 University College London (UCL), London, UK - 2018

Security & Privacy on the Blockchain (affiliated with Euro S&P) - Paper Presentation

GitHub   Paper   Slides  

Blockchain Fundamentals

Concordia University, Montreal, Canada - 2018

Covering all of the basic fundamentals of blockchain and societal impact of this innovative technology.

Website   Slides  

WTH is Bitcoin?

Technologies, World and Societies Class, School of Sociological and Anthropological Studies, University of Ottawa, Canada - 2018

A through historical view of where Bitcoin and Blockchain technology came from and how it evolved to be what we know now.

Slides  

Bootstrap Ethereum Development

ETHWaterloo, Waterloo, Canada - 2017

A walkthrough on Ethereum development stack, describing how EVM and Full nodes function, Requirements for interprise high scale setup and how to deploy smart contracts on Ethereum hacker-style and fast

Website   Slides  

On the feasibility of decentralized derivatives markets

Financial Cryptography 17, Malta - 2017

1st Workshop on Trusted Smart Contracts In Association with Financial Cryptography 2017 - Paper presentation

Website   Slides  

Buy your coffee with bitcoin, Real-world deployment of a bitcoin point of sale terminal

Advanced and Trusted Computing 15, Toulouse, France - 2016

Advanced and Trusted Computing (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), 2016 Intl IEEE Conferences - Paper presentation

Website   Slides  

A first look at the usability of bitcoin key management

Network and Distributed System Security (NDSS), San Diego, United States - 2015

USEC 15 NDSS Workshop on Usable Security (USEC) - Paper presentation and discussion

Website   Slides  

Introduction to Bitcoin

Shahid Beheshti University, Tehran, Iran - 2015

The first workshop on Bitcoin and Blockchain technology in Iran. This workshop organized by SBU Computer Science Scientific Association was designed to introduce and discuss research possibilities regarding Blockchain technology for graduate students and other interested parties.

Video  


Skills

Work

2019 - Security Engineer & Auditor @ ConsenSys Diligence
2015 - 2018 Blockchain Engineer @ Bitaccess
2008 - 2012 Co-founder, CTO @ i-Phone.ir

CVE

2018 CVE-2018-1000023 NIST NVD