Sanctions Feed

CredScore syncs the OFAC SDN (Specially Designated Nationals) list weekly. Every Monday at 6:00 UTC, a cron job fetches the official SDN CSV from the U.S. Treasury Department, parses out all sanctioned Ethereum addresses, and upserts them into the sanctions_registry table.

The fetch is logged in the sanctions_fetch_log table with timestamp, status, and number of addresses processed. This gives you an auditable trail of when the registry was last updated.

In addition to the weekly sync, the engine has hardcoded labels for the most well-known sanctioned addresses (Lazarus Group, Sinbad, Genesis Market, Conti ransomware, Ronin Bridge hack, Wormhole hack, etc.) so they are always recognized regardless of registry sync state.

Self-sanctioned wallets (the wallet IS a sanctioned entity) are hard-capped at score 12 and forced to escalate. Counterparty sanctions exposure (the wallet TRANSACTS with a sanctioned entity) is also capped and flagged as "high_confidence_sanctions_attribution".

The sanctions enforcement runs at three separate stages of the scoring pipeline as a belt-and-suspenders measure. No intermediate scoring adjustment can override the sanctions cap.