Blockchain Drug Verification — Development & Implementation

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Blockchain Drug Verification — Development & Implementation
Complex
~1-2 weeks
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1347
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    948
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Every day, a pharmacy receives hundreds of packages with DataMatrix codes. But who guarantees that the serial number on the box is original, not copied from a counterfeit? Without a shared registry, verification turns into a chain of phone calls and paper acts. We solve this problem with blockchain verification of pharmaceuticals.

We design systems where the manufacturer, distributor, and pharmacy work with a single immutable ledger. Instead of a centralized registry — a consortium where each participant sees only their own data, and authenticity is confirmed cryptographically. Blockchain verification is 10 times faster than manual procedures and reduces operational costs by up to 25%. For an average pharma manufacturer, savings on compliance audits reach 15–20% annually. In monetary terms, this is hundreds of thousands of rubles per year for a medium-sized enterprise: reduced costs for manual reconciliation, fines for recall violations, and losses from counterfeits. Over a year, this savings amounts to a significant sum — on the order of several hundred thousand rubles.

According to the World Health Organization, the share of counterfeit drugs in some regions reaches up to 30%. The EU Directive (FMD) requires a unique serial number on each package. Real implementations like MediLedger (Pfizer, Genentech) confirm: blockchain is a working tool for pharmaceutical verification.

Example architecture for a consortium of 5 participants Each participant (manufacturer, distributor, pharmacy, regulator, auditor) has their own private channel in Hyperledger Fabric. Smart contracts in Go handle registration, transfer, and recall operations. Data is serialized according to GS1-128. For consumer verification, a separate public smart contract on Polygon with ZK-proofs is used.

Data Requirements: GS1 Serialization

The GS1 DataMatrix standard encodes four attributes: GTIN, batch number, expiration date, and serial number. The unique on-chain key is the combination of GTIN and serial number. For a consortium of 10+ participants, Hyperledger Fabric processes 500+ transactions per second — 5 times faster than public networks.

Why Blockchain is Necessary for Drug Verification?

A centralized database of one participant does not inspire trust among others. Blockchain provides a shared registry that no single party can alter. This is critical for batch recalls and auditing. Hyperledger Fabric private data collections ensure that competitors see only hashes, not supply details.

Privacy: Zero-Knowledge or Private Channels

Competing pharma companies do not disclose sales volumes. Solutions:

  • Hyperledger Fabric private data collections — data visible only to channel participants, on the public ledger only the hash.
  • ZK-proofs — a pharmacy proves legitimacy without disclosing the supplier.
contract DrugVerifier {
    IVerifier public zkVerifier;
    bytes32 public legitimacyRoot;
    
    function verifyDrug(
        bytes calldata proof,
        uint256[2] calldata publicInputs
    ) external view returns (bool) {
        require(publicInputs[1] == uint256(legitimacyRoot), "Wrong root");
        return zkVerifier.verifyProof(proof, publicInputs);
    }
}

Chain of Custody: Two-Way Transfer

Each movement is a transfer custody event signed by both parties.

contract DrugTraceability {
    enum Status { MANUFACTURED, IN_TRANSIT, RECEIVED, DISPENSED, RECALLED }
    
    struct DrugUnit {
        bytes32 serialHash;
        address currentHolder;
        Status status;
        uint256 manufacturedAt;
        uint256 expiryTimestamp;
        bool recalled;
    }
    
    mapping(bytes32 => DrugUnit) public drugs;
    
    function manufacture(bytes32 serialHash, uint256 expiryTimestamp, bytes32 lotMerkleRoot) external onlyManufacturer {
        require(drugs[serialHash].manufacturedAt == 0, "Already registered");
        drugs[serialHash] = DrugUnit(serialHash, msg.sender, Status.MANUFACTURED, block.timestamp, expiryTimestamp, false);
        emit Manufactured(serialHash, msg.sender, block.timestamp);
    }
    
    function initiateTransfer(bytes32 serialHash, address recipient) external {
        require(drugs[serialHash].currentHolder == msg.sender, "Not holder");
        pendingTransfer[serialHash] = recipient;
    }
    
    function confirmTransfer(bytes32 serialHash) external {
        require(pendingTransfer[serialHash] == msg.sender, "Not recipient");
        drugs[serialHash].currentHolder = msg.sender;
        delete pendingTransfer[serialHash];
    }
    
    function recall(bytes32 serialHash, string calldata reason) external onlyRegulator {
        drugs[serialHash].recalled = true;
        emit Recalled(serialHash, reason, block.timestamp);
    }
}

How Private Verification with ZK-Proofs Works?

The pharmacy receives from the distributor a proof that the serial number is legitimate, checks it on-chain — and does not disclose the number itself. This prevents reuse of the proof and complies with privacy-by-design.

Integration with the Physical World

Tamper-Evident Packaging + NFC/QR

  • QR with DataMatrix — basic level, vulnerable to copying.
  • NFC with challenge-response (NXP NTAG 424 DNA) — chip with private key, impossible to clone without physical access. Public key registered on-chain.
  • Holographic labels + blockchain — for markets without NFC infrastructure.

Off-Chain Data (IPFS)

Full batch documents (CoA, QC protocols) are stored in IPFS, on-chain — the hash. The verifier obtains documents and checks the hash.

Blockchain Selection for Pharma

Parameter Public (Ethereum/Polygon) Permissioned (Hyperledger Fabric)
Data availability Public, everyone sees Private channels
Participants Any wallets KYC'd consortium participants
Transaction cost Gas (optimize) Virtually free
Regulatory compliance Harder (public) Easier
Decentralization High Consortium
Speed L2: ~2 sec ~1 sec

Recommendation: B2B consortium — Hyperledger Fabric (MediLedger model). Consumer-facing — public L2 with ZK.

Hyperledger Fabric: Chaincode in Go

package main

import (
    "github.com/hyperledger/fabric-contract-api-go/contractapi"
)

type DrugContract struct {
    contractapi.Contract
}

func (c *DrugContract) RegisterDrug(ctx contractapi.TransactionContextInterface,
    serialHash, gtin, lot, expiry string) error {
    mspID, _ := ctx.GetClientIdentity().GetMSPID()
    if !isAuthorizedManufacturer(mspID) {
        return fmt.Errorf("unauthorized: %s", mspID)
    }
    drug := Drug{
        SerialHash: serialHash,
        GTIN:       gtin,
        Lot:        lot,
        Expiry:     expiry,
        Holder:     mspID,
        Status:     "MANUFACTURED",
        Timestamp:  time.Now().Unix(),
    }
    drugJSON, _ := json.Marshal(drug)
    return ctx.GetStub().PutState(serialHash, drugJSON)
}

Regulatory Interfaces

The regulator (FDA, EMA) gets read access and the right to recall. In Fabric — a separate channel; in public blockchain — through AccessControl with roles MANUFACTURER_ROLE and REGULATOR_ROLE.

Development Process

  1. Regulatory Analysis (1–2 weeks): Determine applicable standards, prepare trace matrix.
  2. Architectural Design (1–2 weeks): Blockchain selection, privacy scheme, GS1 schema, NFC/QR integration.
  3. Smart Contract Development (4–6 weeks): Registration, transfer, recall; edge-case testing.
  4. Backend Integration (4–8 weeks): API for ERP, WMS; batch import of serial numbers.
  5. Hardware Integration (2–4 weeks): SDK for scanners, NFC; offline mode.
  6. Audit and Validation (4–6 weeks): Smart contract audit; IQ/OQ/PQ per GAMP5.

What's Included

  • Architectural documents and blockchain platform selection.
  • Smart contracts (Solidity/Go) with audit.
  • API for ERP and WMS integration.
  • Mobile app for NFC/QR scanning.
  • Documentation for regulatory validation (21 CFR Part 11).
  • Client team training and pilot support.

Timeline Estimates

Phase Duration
MVP (1 manufacturer + 1 pharmacy) 3–4 months
Production system for consortium 9–15 months

Timelines depend on participant count and integration complexity with legacy systems. Cost is calculated individually.

Our engineers are certified in Hyperledger and have 12+ years of blockchain development experience, with 40+ projects in pharma. We guarantee compliance with FMD and DSCSA standards. Contact us for a project assessment — we will prepare a proposal within 1 week. Order an audit of your current verification process — we will propose blockchain optimization with a pilot within 2 weeks.

Blockchain Infrastructure Deployment: Nodes, RPC, Indexing

Subgraph fell at 3:47 AM. By morning users saw outdated balances, transactions "hung" in the UI, support received 47 tickets in an hour. Cause: the handler in the subgraph failed on a transaction with a non-standard event log — and the entire index stopped. We have encountered such situations dozens of times. Our experience shows: blockchain infrastructure does not forgive gaps in observability. Guaranteeing uptime without multi-layered monitoring and fault-tolerant architecture is impossible. Over 8 years working with Ethereum, Polygon, and Solana, we have developed an approach that allows predictable deployment of infrastructure of any scale — from a single node to a multichain grid with dozens of subgraphs.

RPC Layer Architecture

Every dApp interaction with the blockchain goes through RPC — the JSON-RPC API provided by a node. Three options:

Managed providers — Alchemy, QuickNode, Infura, Ankr. Minimal operational costs, SLA, built-in monitoring. Limits: rate limits (Alchemy Free: 300 RU/sec), vendor lock, potential downtime during provider incidents. For most projects — the right choice at the start.

Self-owned nodes — full control, no rate limits, no third-party dependence. Cost: archive Ethereum node requires 2.5–3TB SSD, a strong server, and DevOps support. Sync from scratch on Ethereum via Geth/Nethermind — 3–7 days. Justified under high load or latency requirements.

Hybrid — self-owned node as primary, managed provider as fallback. Standard for protocols with high TVL. Proper load balancing can reduce costs by 20–30% compared to pure managed setup. Under high monthly request volume, hybrid saves significantly.

Provider Strength Limitation
Alchemy Supernode, Enhanced APIs, webhooks Expensive on high-volume
QuickNode Low latency, multi-chain More expensive than Alchemy on basic plan
Infura Historical reliability Rate limits on free, one major incident halted half of DeFi
Ankr Cheap, 40+ chains Less stable

How to Set Up an RPC Layer Without a Single Point of Failure?

At least two providers, DNS round-robin with health check every 5 seconds, automatic fallback when latency >500 ms. In practice, this gives 99.99% availability during any provider failure. For protocols with high TVL, we recommend a custom HA-proxy (nginx or Envoy) in front of two managed providers.

Why Is a Hybrid RPC Scheme More Cost-Effective Than Pure Managed?

At high request volumes, managed providers can be very expensive; a hybrid using a self-owned node as primary and a managed fallback cuts costs significantly without losing SLA.

Ethereum Node Clients

Execution clients: Geth (most used), Nethermind (C#, fast sync), Besu (Java, enterprise), Erigon (fastest sync, efficient archive mode ~2TB instead of 3TB).

Consensus clients (post-Merge): Lighthouse (Rust), Prysm (Go), Teku (Java), Nimbus (Nim). Each node after The Merge requires a pair of execution + consensus clients.

For DevOps: eth-docker — Docker Compose configurations for all client combinations. Setting up monitoring via Grafana + Prometheus is mandatory; a standard dashboard is available in each client's repository.

The Graph: Event Indexing

The Graph Protocol — decentralized indexing. A subgraph describes which events from which contracts to index and how to transform them into a GraphQL schema.

Subgraph structure:

  • subgraph.yaml — manifest: contract addresses, startBlock, events to handle
  • schema.graphql — GraphQL schema of entities
  • src/mapping.ts — AssemblyScript event handlers
dataSources:
  - kind: ethereum
    name: UniswapV3Pool
    network: mainnet
    source:
      address: "0x88e6A0c2dDD26FEEb64F039a2c41296FcB3f5640"
      abi: UniswapV3Pool
      startBlock: 12370624
    mapping:
      eventHandlers:
        - event: Swap(indexed address,indexed address,int256,int256,uint160,uint128,int24)
          handler: handleSwap

AssemblyScript handlers — not TypeScript. No nullable types, no closures, no many standard APIs. An error in the handler stops the subgraph indexing on that transaction. Important: add try-catch for operations that can fail (e.g., store.get() for an entity that may not exist).

How to Avoid Subgraph Indexing Stops?

Graph Node logs are monitored in real-time; on hasIndexingErrors = true an alert fires and an automatic node restart (via systemd or Kubernetes). Typical downtime on error — 150–300 seconds to recover. Additionally, for production we set up a watchdog that restarts Graph Node if subgraph lag exceeds 50 blocks.

Choosing Between Hosted Service and Decentralized Network

Graph Hosted Service (free, centralized) is deprecated in favor of Subgraph Studio + Graph Network. For production: deploy on Graph Network with GRT curation signal — the subgraph gets indexers proportional to curation.

Alternatives to The Graph: Ponder (TypeScript, self-hosted, easier to debug), Envio (ultra-fast indexer, supports EVM + non-EVM), Subsquid (TypeScript, own network), Moralis Streams (managed, webhook-based). Our experience shows: for high-load projects with unique logic, Ponder or Envio are more effective — they give full control over the process and do not require GRT tokenomics.

Webhooks and Real-Time Notifications

Alchemy Webhooks and QuickNode Streams allow receiving events in real-time via HTTP webhook or WebSocket. For monitoring addresses, new transactions, mints — this is faster than polling RPC.

Tenderly — platform for monitoring and alerts. You can set up an alert for a specific contract event, balance change, function call with certain parameters. Transaction simulation via Tenderly API is invaluable for debugging.

Monitoring and Observability

Minimum monitoring stack for a protocol:

On-chain: OpenZeppelin Defender Sentinel — watches contract events, triggers webhook or Autotask when conditions are met. Forta Network — community-maintained bots detect anomalies (large withdrawals, flash loans, governance attacks).

Infrastructure: Grafana + Prometheus for nodes, Datadog or Grafana Cloud for managed metrics. Alerts on: node is 10+ blocks behind, RPC latency >500ms, subgraph lag >100 blocks.

Uptime: Better Uptime or PagerDuty on RPC endpoint and subgraph health endpoint (The Graph provides _meta { hasIndexingErrors, block { number } }).

Why Is Monitoring Without Tenderly Insufficient?

Tenderly provides transaction simulation and detailed traces — critical for debugging subgraph and smart contract errors. Forta focuses on network anomalies, not your infrastructure. The combination of Tenderly plus a custom Grafana dashboard covers 90% of incident scenarios.

Multichain Infrastructure

A protocol on 5 chains = 5 separate RPC endpoints, 5 subgraphs, 5 monitoring configs. Manageable but requires deployment automation.

For subgraph multi-network deployment: graph deploy --network mainnet, graph deploy --network arbitrum-one etc. with a unified codebase and network-specific addresses in separate config files.

Chainlink CCIP and LayerZero for cross-chain messaging require monitoring of both chains and transactions on intermediate relayers. A reorg on the source chain after a confirmed mint on the target chain is a classic bridge problem. Solution: wait for finality (on Ethereum ~15 minutes after Merge for economic finality) before confirming on the target chain.

Infrastructure Setup Process

  1. Audit current stack — determine chains, request volume, latency and availability requirements.
  2. Architecture design — select providers, load balancing, redundancy.
  3. Subgraph development — manifest → schema → handlers → testing on local Graph Node → deploy to testnet → mainnet.
  4. Monitoring configuration — Tenderly alerts, Grafana dashboard, PagerDuty integration.
  5. Documentation and runbook — what to do when: subgraph falls behind, RPC downtime, node desync.
  6. Handover to operations — team training, access transfer, first month support.

What's Included

  • Deployment of managed or self-hosted Ethereum, Polygon, BNB Chain nodes
  • RPC layer setup with primary/fallback and load balancing
  • Subgraph development and deployment for your protocol
  • Monitoring connection (Tenderly, Grafana, alerts)
  • Runbook and operations documentation
  • Team training (up to 4 hours online)
  • 30-day support after delivery

Timeline

Task Duration
RPC and basic monitoring setup 1–2 weeks
Subgraph for one protocol 2–4 weeks
Self-hosted node with monitoring 2–3 weeks
Full infrastructure (multi-chain, monitoring, runbooks) 6–10 weeks

All projects are managed in a GitHub/GitLab repository with CI/CD; configuration code stays with you. Order infrastructure deployment — we'll show how to cut costs by 20–30% without losing reliability. Get a consultation — we'll demonstrate how we deployed infrastructure for a protocol with large TVL on Ethereum and Arbitrum. Contact us.