Risk control, running natively on-chain.
FidesOrigin is a native on-chain risk engine for digital asset infrastructure. Screen every transaction, quarantine suspicious flows, and enforce policies deterministically — with zero off-chain dependency. Built for stablecoins, smart wallets, RWA platforms, and agentic payment rails.
Built For
Who needs this, and why
If you move digital assets on-chain, compliance can't be an afterthought bolted on via API.
Stablecoin Payment Rails
Today
Issuers screen addresses via off-chain API calls to Chainalysis KYT or TRM Labs. Integration takes weeks. Every transfer depends on an external service being online.
Problem
API latency adds 200–500ms per transaction. If the API goes down, transfers either stall or bypass screening. Sanctioned addresses can move funds during outages.
With FidesOrigin
Risk profiles live on-chain. Every transfer is screened in the _update() hook — zero added latency, zero bypass path. Sanctioned addresses are blocked at the protocol level, not at the application layer.
Smart Contract Wallets
Today
Wallets like Safe and Argent rely on off-chain middleware or relayer services to screen transactions. The wallet UI checks an API, then decides whether to submit.
Problem
The screening layer is decoupled from execution. A sophisticated user or a competing frontend can bypass the wallet's API check and interact with the contract directly — the wallet has no enforcement power.
With FidesOrigin
Risk checks are embedded in the wallet contract itself via FidesCompliance. Every transaction — regardless of origin — is evaluated before execution. No bypass path exists, even via raw contract calls.
RWA Tokenization
Today
Tokenized assets (real estate, treasuries, private credit) rely on a centralized allowlist managed by the issuer. Transfers are approved off-chain and recorded on a separate registry.
Problem
The allowlist and the token are separate contracts. If the issuer's admin key is compromised or the allowlist falls out of sync, non-compliant transfers execute anyway. Recovery requires manual intervention.
With FidesOrigin
Jurisdiction rules, investor accreditation, and sanctions screening are enforced in the token's transfer logic itself. Non-compliant transfers revert on-chain. The policy engine is upgradeable, but the enforcement is permanent.
Agentic Payment
Today
AI payment agents operate via off-chain risk rules hardcoded in application logic. Spend limits and address allowlists live in a backend server the agent calls before executing.
Problem
If the agent is compromised, the backend is bypassed, or the prompt is manipulated, there is no protocol-level guardrail. The agent can drain funds to any address — including sanctioned ones.
With FidesOrigin
Spend limits, risk thresholds, and sanctions screening are enforced at the smart contract level. Even a compromised agent cannot transfer to a high-risk address — the transaction reverts on-chain. The guardrail is cryptographic, not advisory.
Architecture
Engine, not oracle
Every transaction is screened by smart contracts running on the same chain. No external API calls. No off-chain latency. No bypass path.
Integration
Three lines to wire in
Inherit the risk engine at the smart contract level. Every token transfer is automatically screened against on-chain risk profiles — no SDK calls, no API latency, no bypass.
Inherit CompliantStableCoin or wire FidesCompliance into your transfer hook
Configure risk thresholds and policies via the admin dashboard or directly on-chain
Every transfer is screened, enforced, and logged — deterministically on-chain
```solidity
// Your stablecoin inherits on-chain risk screening
contract CompliantStableCoin is ERC20, IFidesCompliance {
    function _update(address from, address to, uint256 amount) internal override {
        // Evaluate before transfer executes
        (bool allowed, uint256 risk) = fides.evaluateTransaction(from, to, amount, address(this));
        if (!allowed) revert ComplianceViolation(from, to, risk);
        super._update(from, to, amount);
    }
}
```
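The same hook-level gating applied to the Agentic Payment case above, as an added example that is not the project's code: a hypothetical agent wallet screens every outgoing payment through the engine and caps spend per window. The IFidesCompliance interface here assumes only the two calls the page shows, evaluateTransaction and isSanctioned; ScreenedAgentWallet, its spend-limit logic and its error names are the example's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

// Assumed interface, limited to the two engine calls shown on this page.
interface IFidesCompliance {
    function evaluateTransaction(address from, address to, uint256 amount, address token)
        external returns (bool allowed, uint256 risk);
    function isSanctioned(address account) external view returns (bool);
}
interface IERC20 { function transfer(address to, uint256 amount) external returns (bool); }

/// Hypothetical agent wallet: every outgoing payment is screened by the engine and capped
/// per 24-hour window, so a compromised or prompt-injected agent cannot exceed policy.
contract ScreenedAgentWallet {
    IFidesCompliance public immutable fides;
    IERC20 public immutable token;
    address public immutable agent;       // automated signer
    uint256 public immutable dailyLimit;  // max amount per window
    uint256 public immutable maxRisk;     // wallet's own risk ceiling
    uint256 public windowStart;
    uint256 public spentInWindow;

    error NotAuthorized();
    error SanctionedAddress(address to);
    error ComplianceViolation(address from, address to, uint256 risk);
    error SpendLimitExceeded(uint256 attempted, uint256 remaining);

    constructor(IFidesCompliance _fides, IERC20 _token, address _agent,
                uint256 _dailyLimit, uint256 _maxRisk) {
        fides = _fides; token = _token; agent = _agent;
        dailyLimit = _dailyLimit; maxRisk = _maxRisk;
    }

    function pay(address to, uint256 amount) external {
        if (msg.sender != agent) revert NotAuthorized();
        // 1. Hard block: sanctioned recipients never receive funds.
        if (fides.isSanctioned(to)) revert SanctionedAddress(to);
        // 2. Engine verdict, tightened by the wallet's own risk ceiling.
        (bool allowed, uint256 risk) =
            fides.evaluateTransaction(address(this), to, amount, address(token));
        if (!allowed || risk > maxRisk) revert ComplianceViolation(address(this), to, risk);
        // 3. Spend limit: rolling 24h window, reset once it has expired.
        if (block.timestamp >= windowStart + 1 days) { windowStart = block.timestamp; spentInWindow = 0; }
        uint256 remaining = dailyLimit - spentInWindow;
        if (amount > remaining) revert SpendLimitExceeded(amount, remaining);
        spentInWindow += amount;
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

Because the checks run inside the contract, a caller that bypasses the agent's front end and invokes pay() directly is held to the same sanctions, risk and spend policy.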
Contracts
Deployed on Sepolia
All contracts verified and open source. UUPS proxy pattern for upgradeability.
Security
Designed to be uncompromising
No off-chain dependency
All risk checks execute on-chain. No oracle latency, no API downtime, no third-party trust assumptions.
Role-based access control
Granular permissions: ORACLE, RULE_MANAGER, COMPLIANCE_ENGINE, RELEASE_ROLE. Each role independently assignable and revocable.
Quarantine, not destruction
Suspicious funds are isolated in a controlled vault, not burned. Reviewable, recoverable, and auditable.
System Health
Live, not “trust me”
Risk data freshness is verifiable on-chain. No opaque APIs, no “we promise it's up to date.”
Network: Sepolia Testnet (Chain ID 11155111)
Risk Registry: v1.2.1, UUPS upgradeable
Data Publisher: DRY_RUN, OFAC + OpenSanctions
Contracts: 6 deployed, Etherscan verified
Last Updated: 2026-06-26
OpenSanctions OFAC SDN: ~2,635 addresses (106 OFAC + 2,529 ScamSniffer)
Trust & Security
Open source. Audited design. No black boxes.
Risk infrastructure must be verifiable. Our code is open, our contracts are verified, and third-party audits are in progress.
Open Source
Full contract source code on GitHub. Every function, every modifier, every test — public and auditable. No proprietary black boxes.
Verified on Etherscan
All 6 contracts verified on Sepolia Etherscan. Read-only proxy implementation. Anyone can inspect, anyone can verify bytecode matches source.
Third-Party Audit
Independent security audit scheduled before mainnet deployment. OpenZeppelin / Trail of Bits / Certik under evaluation. Report will be published here.
Upgradeable & Recoverable
UUPS proxy pattern allows contract upgrades without migration. Suspicious funds are quarantined, not burned — reviewable and recoverable through governed release roles.
Resources
Read the code, not the marketing
Contract Source Code
Solidity 0.8.26, 6 contracts, 139 tests passing. Full test suite in Hardhat.
Data Publisher Service
TypeScript service that syncs OFAC and OpenSanctions data to RiskRegistry. Docker-ready, Redis cluster support.
Admin Dashboard
Live dashboard for risk profiles, contract state, and sync status. Sepolia testnet.
Build with on-chain risk control
If you're issuing a stablecoin, building a smart wallet, tokenizing real-world assets, or designing autonomous payment infrastructure — let's talk about how deterministic risk screening changes the equation.
Live Demo
Every transfer is screened on-chain before it settles.
What happens when a sanctioned address tries to receive funds? The transaction reverts — at the protocol level.
```solidity
function _update(address from, address to, uint256 amount) internal override {
    // Check if recipient is sanctioned
    if (fides.isSanctioned(to)) revert SanctionedAddress(to);
    // Proceed with normal transfer
    super._update(from, to, amount);
}
```

```text
  User        Transfer     Compliance      Result
    │            │            Check           │
    ▼            ▼              ▼             ▼
┌──────┐    ┌──────┐      ┌──────┐      ┌─────────┐
│ Init │ →  │  TX  │  →   │Screen│  →   │  ALLOW  │
│      │    │      │      │      │      │  BLOCK  │
└──────┘    └──────┘      └──────┘      └─────────┘
```
Try it on Sepolia
Interact with the RiskRegistry contract on Etherscan