To a certain extent, isn't this all a moot point? The sanctioned ETH addresses associated with the Ronin hack didn't use the immutable TC contract, they used the proxy contract[0][1] which can be updated from the Governance address (which is controlled by the Tornado Cash DAO). It appears that the transactions happened after the Treasury Dept. published the sanctions list.
To use your metaphor, a person who it would be a crime to sell anything to went to a gun vending machine to buy a gun. Given the nature of gun vending machines, it would be difficult, but not impossible for the vending machine company to prevent this scenario. However, in terms of assessing whether a legal violation occurred, it doesn't matter that the item the person bought was a gun, if the gun was then used to commit a crime, or if the item was instead a rubber band or a brown paper bag, or if the gun vending machine company designed the gun/band/bag or produced the gun/band/bag.
To use your metaphor, a person who it would be a crime to sell anything to went to a gun vending machine to buy a gun. Given the nature of gun vending machines, it would be difficult, but not impossible for the vending machine company to prevent this scenario. However, in terms of assessing whether a legal violation occurred, it doesn't matter that the item the person bought was a gun, if the gun was then used to commit a crime, or if the item was instead a rubber band or a brown paper bag, or if the gun vending machine company designed the gun/band/bag or produced the gun/band/bag.
[0] Proxy contract: https://etherscan.io/address/0xd90e2f925da726b50c4ed8d0fb90a...
[1] sanctioned address using Proxy contract: https://etherscan.io/address/0x4bf2c2956942b2dd40517bce42391...