Research Partner & Head of Security


Sam is a Research Partner and the Head of Security at Paradigm, focused on portfolio companies and research into security and related topics. Previously, Sam was a security engineer at Trail of Bits where he worked on improving security tooling for developers and helped clients write safer code. Sam helps secure the cryptocurrency ecosystem by responsibly disclosing vulnerabilities and publishing educational resources.

Written by samczsun

Hiding in Plain Sight

I like challenging assumptions. I like trying to do the impossible, finding what others have missed, and blowing people's minds with things they never saw coming. Last year, I wrote a []

by samczsun on Nov 11, 2021

Two Rights Might Make A Wrong

A common misconception in building software is that if every component in a system is individually verified to be safe, the system itself is also safe. Nowhere is this belief []

by samczsun on Aug 17, 2021

The Dangers of Surprising Code

If you work in software engineering, odds are you've heard of at least one software engineering principle. While I wouldn't advocate for religiously following every principle to the letter, there []

by samczsun on Aug 13, 2021

Booby Trapping the Ethereum Blockchain

This is the second in a series of blog posts about bugs I've found in go-ethereum (Geth). If you haven't already, take a look at Part 1 here. Today's post is about a bug []

by samczsun on May 27, 2021

Uncovering a Four Year Old Bug

Every adventure requires a first step - The Cheshire Cat What does it take to find a bug? What about one in a contract that's survived the test of time? The []

by samczsun on Apr 19, 2021

Paradigm CTF 2021 - swap

When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth - Sherlock Holmes Paradigm CTF 2021 took place in early February and together, players []

by samczsun on Apr 09, 2021

The Block Mined In January, 584942419325

This is the first in a series of blog posts about the bugs I've found in go-ethereum (Geth), the official Golang implementation of the Ethereum protocol. While you don't need a deep []

by samczsun on Mar 30, 2021

So you want to use a price oracle

In late 2019, I published a post titled “Taking undercollateralized loans for fun and for profit”. In it, I described an economic attack on Ethereum dApps that rely on accurate []

by samczsun on Nov 09, 2020

Changing Lanes

In early 2020, I was given an opportunity to join Trail of Bits over the summer. I was familiar with the high quality of work that they produced so I happily accepted []

by samczsun on Oct 09, 2020

Escaping the Dark Forest

I was about to wrap up for the night when I decided to take another look at some smart contracts. I wasn’t expecting anything interesting, of course. Over the past few []

by samczsun on Sep 24, 2020