A simplified, deterministic system to stop source-linked suspicious value from being requestable or withdrawable.
Designed for minimal moving parts, not a fully generalized fraud-graph platform.
1. High-Level Core Flow
The system is a source-triggered exposure-locking system. It triggers when a source bot has fraud-linked suspicious value, locking the source immediately and then finding direct downstream holders to lock.
graph TD
A[Fraud Posture Tightens<br/>Processor Status: Suspended / Reserves Imposed / RMI] -->|Fraud Reason Typed| B(Open or Reuse Containment Case)
B --> C[Lock Source Ledger]
B --> D[Suspend Same-Owner Core]
C --> E[Discover Direct Exposed Holders<br/>via Real Money Edges]
D --> E
E --> F{Positive Traced Exposure?}
F -- Yes --> G[Lock Downstream Holder]
F -- No --> H[Skip]
G --> I([STOP<br/>No recursive traversal in V1])
style A fill:#0369a1,stroke:#60a5fa,stroke-width:2px,color:#fff
style I fill:#374151,stroke:#9ca3af,stroke-width:2px,color:#fff
2. The Lock Primitive
A single ledger-scoped lock primitive (FraudManager::LockLedgerHolder) is used for all exposed holders. This lock is the authoritative state and takes precedence over all other normal review or reserve flows.
- ❌ Blocks Creation: Outward inner_platform_transfer and new withdrawal requests.
- ❌ Traps In-flight: Denies requested withdrawals; cancels awaiting_payment.
- ⚠️ Reserves: Sets reserve_percentage = 100 and rebalances balance.
- 🔒 Precedence: Normal unpause/approval cannot weaken this lock.
graph TD
Lock[FraudManager::LockLedgerHolder]
Lock --> DB[(fraud_locks)]
Lock --> R[Reserves = 100%]
Lock --> B[Block Trans/Wdraw]
Lock --> C[Deny/Cancel Pending]
style Lock fill:#7f1d1d,stroke:#f87171,stroke-width:2px,color:#fff
3. Discovery Model (Direct Edges Only)
V1 restricts the traversal graph to only direct, real money edges (transfers and revshares). It does not use fuzzy signals (IP, KYC, etc.) in the critical path, and does not traverse beyond the first hop.
graph TD
subgraph Core [Same-Control Core]
Owner((Owner User))
SourceBot[Source Bot]
ChildBot[Other Owned Bot]
end
Owner -.->|owns| SourceBot
Owner -.->|owns| ChildBot
SourceBot -->|membership revshare| HolderA[Direct Holder A]
SourceBot -->|inner platform transfer| HolderB[Direct Holder B]
HolderA -.->|transfer 2nd hop| HolderC[Holder C]
HolderB -.->|revshare 2nd hop| HolderD[Holder D]
style SourceBot fill:#7f1d1d,stroke:#f87171,stroke-width:3px,color:#fff
style Owner fill:#7f1d1d,stroke:#f87171,stroke-width:2px,color:#fff
style ChildBot fill:#7f1d1d,stroke:#f87171,stroke-width:2px,color:#fff
style HolderA fill:#9a3412,stroke:#fdba74,stroke-width:2px,color:#fff
style HolderB fill:#9a3412,stroke:#fdba74,stroke-width:2px,color:#fff
style HolderC fill:#374151,stroke:#9ca3af,stroke-dasharray: 5 5,color:#fff
style HolderD fill:#374151,stroke:#9ca3af,stroke-dasharray: 5 5,color:#fff
classDef note fill:none,stroke:none,color:#9ca3af
N1[Locked immediately]:::note --> SourceBot
N2[Locked after discovery]:::note --> HolderA
N3[Ignored in V1]:::note --> HolderC
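The first-hop discovery rule above, as an added in-memory sketch that is not the project's own code. Ruby is assumed from the FraudManager::LockLedgerHolder naming; the class, struct, edge kinds and sample ledgers are hypothetical, and "positive traced exposure" is modeled here as net cents received directly from the source, which is an assumption.

```ruby
# Added illustration: every name below is hypothetical, not the project's code.
Edge = Struct.new(:from, :to, :kind, :amount_cents)

# Only real money movements count; fuzzy signals never enter the critical path.
REAL_MONEY_KINDS = %i[inner_platform_transfer membership_revshare].freeze

class ContainmentCase
  def initialize(edges, owners)
    @edges  = edges   # directed value movements between ledgers
    @owners = owners  # ledger id => owner user id
    @locks  = {}      # ledger id => lock record (stand-in for fraud_locks)
  end

  # Idempotent: re-locking keeps the first record and never weakens it.
  def lock(ledger, role)
    @locks[ledger] ||= { role: role, reserve_percentage: 100 }
  end

  # Net value each holder received directly from the source (assumed metric).
  def direct_exposure(source)
    @edges.each_with_object(Hash.new(0)) do |e, net|
      next unless e.from == source && REAL_MONEY_KINDS.include?(e.kind)
      net[e.to] += e.amount_cents
    end
  end

  def contain(source)
    lock(source, :source) # source is locked before any discovery runs
    @owners.each { |id, o| lock(id, :same_owner_core) if o == @owners[source] }
    direct_exposure(source).each do |holder, cents|
      lock(holder, :direct_holder) if cents.positive? # zero or negative: skip
    end
    @locks # stop here: first hop only, no recursive traversal
  end
end

# Constructed sample data mirroring the diagram above.
def sample_run
  owners = { "source_bot" => "owner", "child_bot" => "owner" }
  edges = [
    Edge.new("source_bot", "holder_a", :membership_revshare, 1_200),
    Edge.new("source_bot", "holder_b", :inner_platform_transfer, 5_000),
    Edge.new("holder_a", "holder_c", :inner_platform_transfer, 300),    # 2nd hop
    Edge.new("source_bot", "holder_e", :inner_platform_transfer, 700),
    Edge.new("source_bot", "holder_e", :inner_platform_transfer, -700), # reversal
    Edge.new("source_bot", "holder_f", :shared_ip, 0)                   # fuzzy
  ]
  ContainmentCase.new(edges, owners).contain("source_bot")
end
```

In this constructed run the fully reversed transfer to holder_e nets to zero and is skipped, and the shared_ip edge never enters discovery because it is not a real money edge.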
4. Implementation Rollout Plan
The spec suggests building this in specific slices to ensure PR reviewability and to prioritize core source containment over discovery mechanics.
gantt
title Suggested V1 Implementation Slices
dateFormat YYYY-MM-DD
axisFormat %m/%d
tickInterval 1week
section PR 1
Schema Models :a1, 2023-11-01, 7d
Enforcement Blocks :a2, after a1, 7d
Case Opening Hook :a3, after a2, 7d
section PR 2
Discovery Worker :b1, after a3, 7d
Locking logic :b2, after b1, 7d
Explicitly Deferred from V1:
- Recursive transfer traversal beyond direct holders.
- Full generic non-fraud lock frameworks.
- Fuzzy relationship / graph logic inside the runtime.
- Perfect co-mingled attribution algorithms.
- LLMs in the critical decision path (LLMs are for out-of-band operator summaries only).