Sniper Docs

Defensive threat intelligence API. Same category as Chainalysis, TRM Labs, Elliptic, and Chainabuse. We aggregate public data + community reports. We do not hack, we do not retaliate, we do not attempt unauthorized access.

1. Overview

Sniper is a defensive layer that sits in front of /v1/bridge/call and any module that accepts funds. Before a transfer is routed, Sniper checks the destination against:

• OFAC SDN list (US Treasury sanctions — public record)
• Chainabuse public scam reports
• Community reports submitted via POST /v1/sniper/report and cross-verified by 2+ sources
• Honeypot telemetry from MeterCall decoy modules

2. Risk scoring methodology

Every address gets a score 0-100:

Default bridge threshold: 70. Configurable by integrator.

3. Data sources

• OFAC SDN — https://www.treasury.gov/ofac/downloads/sdn.json — public, free, legal. Pulled every 30min by Bot #27.
• Chainabuse public — https://www.chainabuse.com/reports — best-effort scrape; graceful-fail on outage.
• Community reports — POST /v1/sniper/report; rate-limited 20/min per IP; retractable 24h; verified when 2+ independent sources agree.
• Honeypot telemetry — /v1/sniper/honeypot/event — MeterCall decoy modules log any API call attempts.

4. Bridge integration

Sniper runs as middleware BEFORE POST /v1/bridge/call. If the destination address scores >= 70, the bridge returns:

HTTP/1.1 403 Forbidden
{
  "error": "destination_flagged",
  "risk_score": 100,
  "reason": "flagged:sanctions:ofac_sdn",
  "recommendation": "block",
  "sniper": true
}

Warnings (score 40-69) do not block but attach header x-sniper-warn: <score>:<reason>.

Integrators can call Sniper directly:

POST /v1/sniper/bridge-check
{ "from": "0x...", "to": "0x...", "amount": "1000000000000000000", "chain": "eth" }

5. SniperAttestor contract

See contracts/SniperAttestor.sol. MIT licensed, ~100 LOC.

• flagAddress(address bad, uint8 category, bytes32 evidenceCid) — onlyAttestor
• unflag(address bad) — onlyAttestor
• challenge(address bad, bytes proof) payable — anyone with stake >= 0.1 ETH
• isBad(address) view returns (bool, uint8) — free read for any protocol
• Events: Flagged, Unflagged, Challenged, AttestorSet, OwnerChanged

6. Challenge process

1. Stake >= 0.1 ETH to challenge(address, proof)
2. Proof bytes = IPFS CID of your evidence bundle (tx logs, chat logs, KYC if applicable)
3. DAO reviews off-chain within 7 days
4. If challenge succeeds: attestor unflags + challenger stake refunded
5. If challenge fails: stake forfeited to DAO treasury (anti-spam)

7. Appeals

Reporters can retract their own report within 24h via POST /v1/sniper/report/:id/retract. After 24h or after verification, only the challenge path works.

8. Paid integrations (roadmap)

• Chainalysis — sanctioned addresses oracle (smart-contract access)
• TRM Labs — entity clustering, risk API
• Elliptic — Navigator + Holistic risk
• Crystal Blockchain — cross-chain flow tracing

When configured via CHAINALYSIS_KEY, TRM_KEY, ELLIPTIC_KEY env vars, Bot #27 will merge their feeds. Until then, Sniper runs free-tier only.

9. SDK

<script src="/sdks/sniper.js"></script>
<script>
  MeterCallSniper.score('0x8589427373D6D84E98730D7795D8f6f8731FDA16')
    .then(s => console.log(s.risk_score, s.recommendation));
</script>

10. Code examples

curl

curl https://metercall.ai/v1/sniper/score/0x8589427373D6D84E98730D7795D8f6f8731FDA16
# {"address":"0x...","risk_score":100,"recommendation":"block",...}

JavaScript (Node 18+)

const r = await fetch('https://metercall.ai/v1/sniper/score/' + addr);
const { risk_score, recommendation } = await r.json();
if (recommendation === 'block') throw new Error('flagged');

Python

import requests
r = requests.get(f"https://metercall.ai/v1/sniper/score/{addr}").json()
if r["recommendation"] == "block": raise Exception("flagged")

Report a scam

curl -X POST https://metercall.ai/v1/sniper/report \
  -H 'content-type: application/json' \
  -d '{"address":"0xbad...","chain":"eth","category":"phishing","evidence_url":"https://etherscan.io/tx/0x..."}'