
Trust & Risk Providers

Conto integrates with external providers to enrich trust scores, screen for sanctions, and assess wallet reputation. These providers feed into the trust score calculation (via the Verification factor, weighted at 20%) and the policy rule engine. Reputation providers (like Fairscale) follow a fail-open design: if unavailable, Conto logs a warning and continues without blocking transactions. Sanctions screening providers follow a fail-closed design: if Chainalysis or TRM Labs is unavailable, the address is treated as sanctioned to prevent compliance gaps.

Fairscale (Solana Reputation)

Fairscale provides composable reputation scoring for Solana wallets. It analyzes on-chain behavioral signals — token holdings, transaction patterns, staking activity, and social connections — to produce a 0-100 reputation score.

What it provides

| Signal | Description |
| --- | --- |
| Fairscore (0-100) | Composite reputation score |
| Tier | bronze, silver, or gold |
| Badges | Behavioral badges (e.g. “LST Staker”, “No Instant Dumps”) |
| Features | 15+ raw behavioral metrics (tx count, active days, holdings, etc.) |

How Conto uses it

  • Trust score enrichment: For Solana counterparties with no existing network data, Fairscale scores are normalized (0-100 to 0.0-1.0) and used as the network trust score
  • Cold-start enrichment: Unknown Solana addresses get real trust scores instead of blank UNKNOWN defaults
  • Red flag detection: Concerning behavioral patterns (high burst ratio, instant dumps, no activity) generate network alerts
  • Policy rules: Use FAIRSCALE_MIN_SCORE to require a minimum Fairscale score before allowing payments

Policy rule

Block payments to Solana wallets below a Fairscale score threshold:
{
  "ruleType": "FAIRSCALE_MIN_SCORE",
  "operator": "GREATER_THAN_OR_EQUAL",
  "value": "50",
  "action": "ALLOW"
}

Availability

Fairscale reputation scoring is built into Conto — no configuration needed. All organizations on conto.finance automatically get Fairscale scoring for Solana addresses.
Fairscale is Solana-only. It is automatically skipped for EVM addresses.
If you self-host Conto, you’ll need to configure your own Fairscale API key:
# .env
FAIRSCALE_API_KEY="your-fairscale-api-key"
FAIRSCALE_API_URL="https://api2.fairscale.xyz"   # Optional, this is the default
FAIRSCALE_CACHE_TTL_SECONDS="300"                  # Optional, default 5 minutes
Get your API key at fairscale.xyz. If no API key is configured, Fairscale lookups return null and the trust engine falls back to other signals.

SDK API response

When querying trust data for a Solana address via the SDK, Fairscale data is included:
{
  "address": "CKs1E69a2e9TmH4mKKLrXFF8kD3ZnwKjoEuXa6sz9WqX",
  "fairscale": {
    "score": 18,
    "tier": "bronze",
    "confidence": 0.3,
    "isVerified": true,
    "pillars": {
      "verification": 0,
      "reliability": 50,
      "social": 0,
      "track_record": 0,
      "economic_stake": 42,
      "ecosystem": 24
    },
    "redFlags": ["No on-chain activity"],
    "badges": [
      { "id": "lst_staker", "label": "LST Staker", "tier": "gold" },
      { "id": "no_dumper", "label": "No Instant Dumps", "tier": "silver" }
    ]
  }
}

Sanctions Screening

Conto screens wallet addresses against sanctions lists to support compliance requirements. Screening checks known sanctioned addresses (Tornado Cash, Lazarus Group, Garantex, etc.) and can be extended with enterprise providers for deeper risk analysis.

Providers

| Provider | Description |
| --- | --- |
| Local OFAC (default) | Built-in OFAC SDN list — screens against known sanctioned wallet addresses. No API key needed. |
| Chainalysis | Enterprise-grade blockchain risk scoring via the Chainalysis KYT API. Identifies sanctions exposure through cluster analysis. |
| TRM Labs | Blockchain intelligence and compliance via the TRM Labs Screening API. Screens addresses for sanctions risk indicators. |

Availability

Local OFAC screening is built into Conto — no configuration needed. All organizations on conto.finance automatically get OFAC sanctions screening against known sanctioned addresses. For enterprise compliance needs, Chainalysis and TRM Labs provide deeper risk analysis. Contact support to enable enterprise sanctions screening for your organization.
Sanctions screening is fail-closed for enterprise providers: if Chainalysis or TRM Labs is unavailable, the address is treated as sanctioned to prevent compliance gaps. Local OFAC screening is always available since it uses a built-in address list.
If you self-host Conto, configure your sanctions provider:
# .env — choose one provider
SANCTIONS_PROVIDER="local"   # "local" (default), "chainalysis", or "trm"

# Chainalysis (https://www.chainalysis.com/)
CHAINALYSIS_API_KEY="your-chainalysis-api-key"
CHAINALYSIS_API_URL="https://api.chainalysis.com/api/risk/v2"   # Optional, this is the default

# TRM Labs (https://www.trmlabs.com/)
TRM_API_KEY="your-trm-api-key"
TRM_API_URL="https://api.trmlabs.com/public/v2"   # Optional, this is the default
  • Local OFAC works out of the box with no API key
  • Chainalysis requires an API key from chainalysis.com
  • TRM Labs requires an API key from trmlabs.com
If no SANCTIONS_PROVIDER is set, Conto defaults to local OFAC screening.
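
For self-hosted deployments, a preflight check can catch a provider selection that does not match the keys present before the service starts. This is an added example, not part of Conto; `parse_env`, `check_providers` and the sample values are hypothetical, and only the variable names and allowed provider values come from this page.

```python
import re

# Constructed sample, modelled on the .env snippets on this page.
SAMPLE_ENV = '''
# .env
SANCTIONS_PROVIDER="chainalysis"   # enterprise provider selected
CHAINALYSIS_API_KEY="your-chainalysis-api-key"
FAIRSCALE_API_KEY="fs-constructed-example-key"
'''

ENTERPRISE_KEYS = {"chainalysis": "CHAINALYSIS_API_KEY", "trm": "TRM_API_KEY"}
PLACEHOLDER = re.compile(r"^your-.*-api-key$")  # values copied from the docs
ENV_LINE = re.compile(r'\s*([A-Z0-9_]+)\s*=\s*(?:"([^"]*)"|([^\s#]*))')


def parse_env(text):
    """Parse KEY="value"  # comment lines; full-line comments are skipped."""
    env = {}
    for line in text.splitlines():
        m = ENV_LINE.match(line)
        if m:
            env[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return env


def check_providers(env):
    """Return a list of findings; an empty list means the config is consistent."""
    findings = []
    provider = env.get("SANCTIONS_PROVIDER", "local")  # unset means local OFAC
    if provider not in ("local", "chainalysis", "trm"):
        findings.append(f"SANCTIONS_PROVIDER={provider!r} is not a documented value")
    key_name = ENTERPRISE_KEYS.get(provider)
    if key_name:
        key = env.get(key_name, "")
        if not key or PLACEHOLDER.match(key):
            findings.append(f"{provider} selected but {key_name} is missing or a placeholder")
    fs_key = env.get("FAIRSCALE_API_KEY", "")
    if not fs_key or PLACEHOLDER.match(fs_key):
        findings.append("FAIRSCALE_API_KEY not set: Fairscale lookups will return null")
    return findings


if __name__ == "__main__":
    for finding in check_providers(parse_env(SAMPLE_ENV)):
        print("WARN:", finding)
```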

Policy rules

Block transactions to sanctioned countries using GEOGRAPHIC_RESTRICTION:
{
  "ruleType": "GEOGRAPHIC_RESTRICTION",
  "operator": "IN_LIST",
  "value": "[\"CU\", \"IR\", \"KP\", \"SY\", \"RU\"]",
  "action": "DENY"
}
See the OFAC compliance section for the full list of sanctioned countries.
Always consult legal counsel for compliance requirements. This is not legal advice.

Network Intelligence

In addition to external providers, Conto’s built-in Network Intelligence aggregates anonymized trust signals across all organizations on the platform:
  • Cross-organization address flagging
  • Collective fraud detection
  • Automatic trust score adjustments based on network-wide behavior
Network Intelligence data is anonymized. Organizations share aggregate trust signals, not transaction details.

Provider priority

When multiple sources have data for an address, Conto applies them in this order:
  1. Conto Network Intelligence — on-platform transaction history and cross-org signals
  2. Fairscale (Solana only) — external reputation scoring
  3. Sanctions screening — compliance blocklists (always enforced regardless of trust score)
Network Intelligence scores take precedence because they’re based on real transaction history. Fairscale is used for cold-start enrichment when no network data exists. Sanctions screening operates independently and can block transactions regardless of trust score.
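
The ordering and failure modes described on this page can be modelled as follows: fail-closed sanctions screening, fail-open Fairscale lookups, and Network Intelligence taking precedence for the trust score. This is an added example, not Conto's own code; the lookup callables, `ProviderUnavailable`, `Decision` and `evaluate` are hypothetical names, and applying FAIRSCALE_MIN_SCORE only when a score exists is an assumption drawn from the fail-open description.

```python
from dataclasses import dataclass
from typing import Callable, Optional


class ProviderUnavailable(Exception):
    """Hypothetical error a provider client raises on timeout or outage."""


@dataclass
class Decision:
    allowed: bool
    trust_score: Optional[float]  # 0.0-1.0; None when no source has data
    source: str                   # which input decided the outcome


def is_sanctioned(address: str, lookup: Callable[[str], bool]) -> bool:
    # Fail-closed: an unreachable enterprise provider counts as a hit.
    try:
        return lookup(address)
    except ProviderUnavailable:
        return True


def fairscore(address: str, lookup: Callable[[str], Optional[int]]) -> Optional[int]:
    # Fail-open: an outage or null lookup yields None and never blocks.
    try:
        return lookup(address)
    except ProviderUnavailable:
        return None


def evaluate(address, network_score, sanctions_lookup, fairscale_lookup,
             min_fairscale=50) -> Decision:
    # Sanctions screening is enforced first, regardless of trust score.
    if is_sanctioned(address, sanctions_lookup):
        return Decision(False, None, "sanctions")
    raw = fairscore(address, fairscale_lookup)
    # Trust score source: Network Intelligence first, then Fairscale (cold start).
    if network_score is not None:
        trust, source = network_score, "network"
    elif raw is not None:
        trust, source = raw / 100, "fairscale"  # normalize 0-100 to 0.0-1.0
    else:
        trust, source = None, "none"
    # FAIRSCALE_MIN_SCORE / GREATER_THAN_OR_EQUAL: applied only when a score exists.
    if raw is not None and raw < min_fairscale:
        return Decision(False, trust, "fairscale_min_score")
    return Decision(True, trust, source)
```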