Plume
  • Introduction
    • Overview
  • Plume Portal
    • About the Portal
  • Bridge and Swap
  • Stake
  • Plume Points (PP)
  • Official Tokens
    • PLUME ($PLUME) Token
    • Plume USD (pUSD)
    • Plume ETH (pETH)
  • Plume Security
    • AML Screening
    • Compliance at Plume
    • Audits and Security
  • Developers
    • Network Information
    • Smart Contracts
    • How-to Guides
      • How to Connect to Network
        • Install and Configure Wallet
        • Claim test tokens
      • How to Deploy Smart Contracts
        • Deploy using Remix IDE
        • Deploy using Foundry
        • Deploy using Hardhat
      • How to Verify Smart Contracts
        • Verify using Foundry
        • Verify using Hardhat
      • How to Run a Node
    • Tools & Services
      • Account Abstraction
      • Bridges
      • Oracles
      • Data Indexers
      • Node Providers
      • OnRamps
      • Analytics
      • Custodians
      • SDK
      • Misc Tools
    • Plume vs. Ethereum
    • Gas and Fees
    • Finality
  • Community and Support
    • Community Channels
    • Brand Assets
    • Terms of Service
    • Privacy Policy
  • MORE
    • Glossary
    • FAQ
Powered by GitBook
On this page
  • Blockchain Level AML Screening
  • TLDR:
  • Screening Process in Detail
  • False Positives
  1. Plume Security

AML Screening

PreviousPlume ETH (pETH)NextCompliance at Plume

Last updated 1 month ago

Blockchain Level AML Screening

Because Plume is a public blockchain, we operate our own infrastructure that lets us integrate the highest industry standards for AML. We are the only public and permissionless blockchain that runs AML at the sequencer level.

TLDR:

We run AML screen at the moment of transfer - right after the bridge. This means that if someone uses a wallet that sends USDC from another chain, and that wallet has illicitly obtained stablecoins, the transfer will be blocked. USDC will not be minted or appear on Plume.

Screening Process in Detail

  1. All transactions on the Plume mainnet network are submitted through the Plume RPC before being sent to the Plume sequencer for ordering and execution.

  3. Once Forta Firewall receives transaction details, it performs compliance screening, followed by security screening.

  4. Firewall simulates the transaction with the details provided and generates traces which reveal the “internal” transactions as well as generated event logs. This process is equivalent to “unpacking the transaction” to see all the individual component parts, and all of this happens inside the firewall in milliseconds.

  5. The unpacked transaction data is then parsed to extract the wallet addresses involved. Wallet addresses are the closest analogy we have to a person or entity’s identity onchain.

  6. The extracted wallet addresses are then screened against the Specially Designated Nationals (SDN) list of the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) (commonly referred to as the “OFAC Sanctions List”) .

  7. If a transaction is found to involve an OFAC-sanctioned address, the Firewall API returns an error response (indicating that it will be blocked) to the Plume RPC, and the transaction is dropped before the execution process.

False Positives

In the context of compliance screening, a false positive (FP) refers to a blocked transaction that does not actually involve a sanctioned or high-risk wallet address. While FPs are technically possible, we don’t foresee this occurring given how the compliance screening is performed. Forta Firewall screens each address in the transaction against a blacklist. The determination is binary - the address is either on the list or not. Additionally, onchain actions like contract deployments would never be blocked by the Firewall unless the transaction involves a sanctioned address.

FPs are more likely, although very infrequent, in the context of Firewall’s security screening where the determination is risk-based. In either case if an FP is identified, we will investigate and address the cause as soon as reasonably possible. Once resolved, if the transaction is resubmitted by the user, the transaction should be processed and executed normally.

Information requests

Once the RPC receives the transaction, the transaction details (to address, from address, value, inputs) are forwarded to the API.

Plume protocol teams and end users may request screening information related to their transactions. Requests can be sent to . If you believe your transaction is a FP transaction, please contact .

Forta Firewall
engineering@plume.org
compliance@plume.org