Blockchain-Based Product Origin Certification: Audit & Anti-Counterfeit

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Blockchain-Based Product Origin Certification: Audit & Anti-Counterfeit
Medium
~1-2 weeks
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1348
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Counterfeit certificates are rampant. Supply chain data is scattered across disparate ERP systems and unverifiable by third parties. A consumer cannot confirm that an 'organic product' is truly organic. We solve this with blockchain architecture—we build the system turnkey, from design to deployment.

Blockchain alone does not solve data authenticity—data entered into a smart contract is input by humans. If incorrect data is entered, blockchain only guarantees immutability, not accuracy. A proper certification system architecture understands where blockchain truly helps and where it does not.

The Problem Blockchain Solves

Blockchain provides transparency and immutable records. In a traditional system, a supply chain involves many participants, each running their own ERP. During an audit or consumer complaint, data is reconciled manually—taking weeks and enabling fraud. Smart contracts automatically record each event: batch release, transfer, quality check, certificate revocation. Any participant (including consumers) can independently verify the history. Verification takes seconds, not weeks—saving up to 70% audit time.

Advantages of a Hybrid Network

Corporate participants often require commercial data confidentiality (prices, volumes). A purely public blockchain exposes all data, which is unacceptable. Private networks (Hyperledger Besu, Quorum) ensure privacy but lose trustless guarantees. A hybrid network—private network for operational data + anchoring hashes on a public blockchain—gives the best of both worlds. Hybrid network reduces data storage costs fivefold compared to a fully public network. We use this architecture in most enterprise projects.

Architectural Solutions

Network Selection

For supply chain systems with corporate participants, two classes of solutions fit:

Public networks (Polygon, Avalanche, Base)—transparency for the end consumer. Anyone can verify data via a block explorer. Downside: all data is public, which may be unacceptable for B2B data about counterparties and prices. Performance of such networks is typically up to 200 TPS.

Permissioned networks (Hyperledger Besu, Quorum, Fabric)—participant privacy, high performance (up to 10,000 TPS, 50 times higher than public), fixed set of validators. Suitable for consortia. Downside: loss of trustless guarantees characteristic of public networks.

Hybrid network: private network for operational data + anchoring hashes on a public blockchain for auditability. The optimal choice for most enterprise cases.

Product Identifiers

The standard is GS1 EPCIS 2.0 for supply chain events. Each physical object gets a unique identifier (EPC—Electronic Product Code) linked to an on-chain record:

contract ProductRegistry {
    struct ProductBatch {
        bytes32 batchId;          // hash from GS1 GTIN + lot number + expiry
        address certifiedBy;       // certifying authority account
        bytes32 documentHash;      // IPFS CID in bytes32
        uint256 certifiedAt;
        CertificationLevel level;
        bool revoked;
    }
    
    enum CertificationLevel { 
        ORIGIN_DECLARED,    // seller declared origin
        AUDITOR_VERIFIED,   // independent auditor verified
        LAB_TESTED,         // lab tests confirmed
        CERTIFIED           // full certification completed
    }
    
    mapping(bytes32 => ProductBatch) public batches;
    mapping(bytes32 => bytes32[]) public batchEvents; // event chain
    
    // only accredited certifiers
    mapping(address => bool) public certifiers;
    
    modifier onlyCertifier() {
        require(certifiers[msg.sender], "Not authorized certifier");
        _;
    }
    
    function certifyBatch(
        bytes32 batchId,
        bytes32 documentHash,
        CertificationLevel level
    ) external onlyCertifier {
        batches[batchId] = ProductBatch({
            batchId: batchId,
            certifiedBy: msg.sender,
            documentHash: documentHash,
            certifiedAt: block.timestamp,
            level: level,
            revoked: false
        });
        emit BatchCertified(batchId, msg.sender, level);
    }
    
    function revokeCertification(bytes32 batchId, string calldata reason) 
        external onlyCertifier 
    {
        require(batches[batchId].certifiedBy == msg.sender, "Not your cert");
        batches[batchId].revoked = true;
        emit CertificationRevoked(batchId, reason);
    }
}

NFT vs. SFT vs. Fungible Token

We use different token types for batch certification. Comparison:

Token Type Use Case Product Examples
ERC-721 (NFT certificate) Each batch unique, need to distinguish all batches Wine, luxury items
ERC-1155 (Semi-fungible) Units within a batch identical, batches differ; partial transfer possible Most goods (organic, pharma)
ERC-20 (Fungible) Bulk/liquid goods without fixed batches Grain, oil

Learn more about standards in Ethereum documentation.

Chain of Events (Custody Transfer)

Each product movement in the supply chain is recorded as an event. Events form an auditable trail:

contract SupplyChainEvents {
    struct CustodyEvent {
        bytes32 batchId;
        address from;       // previous owner / producer
        address to;         // next owner / distributor
        bytes32 locationHash; // hash of GPS coordinates or warehouse address
        bytes32 conditionsHash; // hash of IoT data (temperature, humidity)
        uint256 timestamp;
        EventType eventType;
    }
    
    enum EventType {
        PRODUCED,
        QUALITY_CHECKED,
        PACKAGED,
        SHIPPED,
        CUSTOMS_CLEARED,
        RECEIVED,
        RETAIL_LISTED,
        SOLD
    }
    
    event CustodyTransferred(
        bytes32 indexed batchId,
        address indexed from,
        address indexed to,
        EventType eventType
    );
}

Storing raw location and storage condition data on-chain is expensive. The proper pattern: data → IPFS/Arweave → data hash on-chain. A verifier downloads data from IPFS and checks the hash matches the on-chain record.

IoT Integration

Physical sensors (temperature during transport, humidity in warehouse) are crucial for food & pharma. Problem: IoT devices cannot sign Ethereum transactions due to limited compute resources.

Architectural solution—oracle pattern:

IoT Device → Edge Gateway → Oracle Service → Smart Contract

Edge Gateway collects data from devices, aggregates it, and sends it via a secure channel to an oracle service (Chainlink, API3, or custom). The oracle writes data on-chain with a trusted operator’s signature.

For IoT data trust: TEE (Trusted Execution Environment) on the edge gateway—Intel SGX or ARM TrustZone. Data is signed inside the isolated environment, and a proof of TEE execution can be verified on-chain. This approach is 3x more reliable than traditional manual logging.

Consumer Verification

A QR code on the product encodes the batchId. The consumer scans the QR and sees:

  • Certification status (level, authority, date)
  • Full custody chain from producer to shelf
  • Documents (certificates, lab analyses) on IPFS
  • Whether the certificate was revoked
  • Ethereum certification details via block explorer

This is implemented as a static site or mobile app that reads data directly from the blockchain via JSON-RPC or via The Graph (for more complex queries).

Access Control and Accreditation

A critical component is managing who can write certification records. Options:

Model Suitable For Risks
Centralized whitelist Pilot projects Single point of trust
DAO governance Open ecosystems Slow decision making
Accreditation body on-chain Regulated industries Requires off-chain legality
Multi-sig committee Consortium Participant coordination

For regulated industries (organic food, pharma), the optimal model is where national accreditation bodies manage the on-chain list of authorized certifiers. This creates a bridge between the traditional regulatory system and blockchain.

How We Do It: Step-by-Step Process

  1. Requirements analysis: study business processes, number of participants, product types. Identify critical points where blockchain brings maximum benefit (e.g., 70% reduction in verification time, up to 40% audit savings, cost savings of $30,000 per year).
  2. Architecture design: select network (hybrid or public), design smart contracts, integration with ERP and IoT.
  3. Development and code audit: write smart contracts in Solidity 0.8.x, test with Foundry, run security audit (Slither, Mythril).
  4. Deployment and configuration: deploy in the chosen network, set up oracle, develop consumer web interface.
  5. Support and refinement: monitoring, updating smart contracts, team training.

Typical project investment: $50,000–$150,000, with ongoing support starting at $5,000/month.

Deliverables

Upon project completion, you receive:

  • Audited smart contract source code
  • API and architecture documentation
  • Configured oracles and consumer verifier
  • Team training
  • 3 months post-deployment support

Contact us for a consultation—we will assess your project and propose the optimal solution.

Why Choose Us?

Our team has over 10 years of experience in blockchain development, delivered 50+ successful projects, and been on the market for 5 years. Our engineers have published audits for open-source projects and contributed to ERC standard development. We accompany every project through all stages.

Blockchain Infrastructure Deployment: Nodes, RPC, Indexing

Subgraph fell at 3:47 AM. By morning users saw outdated balances, transactions "hung" in the UI, support received 47 tickets in an hour. Cause: the handler in the subgraph failed on a transaction with a non-standard event log — and the entire index stopped. We have encountered such situations dozens of times. Our experience shows: blockchain infrastructure does not forgive gaps in observability. Guaranteeing uptime without multi-layered monitoring and fault-tolerant architecture is impossible. Over 8 years working with Ethereum, Polygon, and Solana, we have developed an approach that allows predictable deployment of infrastructure of any scale — from a single node to a multichain grid with dozens of subgraphs.

RPC Layer Architecture

Every dApp interaction with the blockchain goes through RPC — the JSON-RPC API provided by a node. Three options:

Managed providers — Alchemy, QuickNode, Infura, Ankr. Minimal operational costs, SLA, built-in monitoring. Limits: rate limits (Alchemy Free: 300 RU/sec), vendor lock, potential downtime during provider incidents. For most projects — the right choice at the start.

Self-owned nodes — full control, no rate limits, no third-party dependence. Cost: archive Ethereum node requires 2.5–3TB SSD, a strong server, and DevOps support. Sync from scratch on Ethereum via Geth/Nethermind — 3–7 days. Justified under high load or latency requirements.

Hybrid — self-owned node as primary, managed provider as fallback. Standard for protocols with high TVL. Proper load balancing can reduce costs by 20–30% compared to pure managed setup. Under high monthly request volume, hybrid saves significantly.

Provider Strength Limitation
Alchemy Supernode, Enhanced APIs, webhooks Expensive on high-volume
QuickNode Low latency, multi-chain More expensive than Alchemy on basic plan
Infura Historical reliability Rate limits on free, one major incident halted half of DeFi
Ankr Cheap, 40+ chains Less stable

How to Set Up an RPC Layer Without a Single Point of Failure?

At least two providers, DNS round-robin with health check every 5 seconds, automatic fallback when latency >500 ms. In practice, this gives 99.99% availability during any provider failure. For protocols with high TVL, we recommend a custom HA-proxy (nginx or Envoy) in front of two managed providers.

Why Is a Hybrid RPC Scheme More Cost-Effective Than Pure Managed?

At high request volumes, managed providers can be very expensive; a hybrid using a self-owned node as primary and a managed fallback cuts costs significantly without losing SLA.

Ethereum Node Clients

Execution clients: Geth (most used), Nethermind (C#, fast sync), Besu (Java, enterprise), Erigon (fastest sync, efficient archive mode ~2TB instead of 3TB).

Consensus clients (post-Merge): Lighthouse (Rust), Prysm (Go), Teku (Java), Nimbus (Nim). Each node after The Merge requires a pair of execution + consensus clients.

For DevOps: eth-docker — Docker Compose configurations for all client combinations. Setting up monitoring via Grafana + Prometheus is mandatory; a standard dashboard is available in each client's repository.

The Graph: Event Indexing

The Graph Protocol — decentralized indexing. A subgraph describes which events from which contracts to index and how to transform them into a GraphQL schema.

Subgraph structure:

  • subgraph.yaml — manifest: contract addresses, startBlock, events to handle
  • schema.graphql — GraphQL schema of entities
  • src/mapping.ts — AssemblyScript event handlers
dataSources:
  - kind: ethereum
    name: UniswapV3Pool
    network: mainnet
    source:
      address: "0x88e6A0c2dDD26FEEb64F039a2c41296FcB3f5640"
      abi: UniswapV3Pool
      startBlock: 12370624
    mapping:
      eventHandlers:
        - event: Swap(indexed address,indexed address,int256,int256,uint160,uint128,int24)
          handler: handleSwap

AssemblyScript handlers — not TypeScript. No nullable types, no closures, no many standard APIs. An error in the handler stops the subgraph indexing on that transaction. Important: add try-catch for operations that can fail (e.g., store.get() for an entity that may not exist).

How to Avoid Subgraph Indexing Stops?

Graph Node logs are monitored in real-time; on hasIndexingErrors = true an alert fires and an automatic node restart (via systemd or Kubernetes). Typical downtime on error — 150–300 seconds to recover. Additionally, for production we set up a watchdog that restarts Graph Node if subgraph lag exceeds 50 blocks.

Choosing Between Hosted Service and Decentralized Network

Graph Hosted Service (free, centralized) is deprecated in favor of Subgraph Studio + Graph Network. For production: deploy on Graph Network with GRT curation signal — the subgraph gets indexers proportional to curation.

Alternatives to The Graph: Ponder (TypeScript, self-hosted, easier to debug), Envio (ultra-fast indexer, supports EVM + non-EVM), Subsquid (TypeScript, own network), Moralis Streams (managed, webhook-based). Our experience shows: for high-load projects with unique logic, Ponder or Envio are more effective — they give full control over the process and do not require GRT tokenomics.

Webhooks and Real-Time Notifications

Alchemy Webhooks and QuickNode Streams allow receiving events in real-time via HTTP webhook or WebSocket. For monitoring addresses, new transactions, mints — this is faster than polling RPC.

Tenderly — platform for monitoring and alerts. You can set up an alert for a specific contract event, balance change, function call with certain parameters. Transaction simulation via Tenderly API is invaluable for debugging.

Monitoring and Observability

Minimum monitoring stack for a protocol:

On-chain: OpenZeppelin Defender Sentinel — watches contract events, triggers webhook or Autotask when conditions are met. Forta Network — community-maintained bots detect anomalies (large withdrawals, flash loans, governance attacks).

Infrastructure: Grafana + Prometheus for nodes, Datadog or Grafana Cloud for managed metrics. Alerts on: node is 10+ blocks behind, RPC latency >500ms, subgraph lag >100 blocks.

Uptime: Better Uptime or PagerDuty on RPC endpoint and subgraph health endpoint (The Graph provides _meta { hasIndexingErrors, block { number } }).

Why Is Monitoring Without Tenderly Insufficient?

Tenderly provides transaction simulation and detailed traces — critical for debugging subgraph and smart contract errors. Forta focuses on network anomalies, not your infrastructure. The combination of Tenderly plus a custom Grafana dashboard covers 90% of incident scenarios.

Multichain Infrastructure

A protocol on 5 chains = 5 separate RPC endpoints, 5 subgraphs, 5 monitoring configs. Manageable but requires deployment automation.

For subgraph multi-network deployment: graph deploy --network mainnet, graph deploy --network arbitrum-one etc. with a unified codebase and network-specific addresses in separate config files.

Chainlink CCIP and LayerZero for cross-chain messaging require monitoring of both chains and transactions on intermediate relayers. A reorg on the source chain after a confirmed mint on the target chain is a classic bridge problem. Solution: wait for finality (on Ethereum ~15 minutes after Merge for economic finality) before confirming on the target chain.

Infrastructure Setup Process

  1. Audit current stack — determine chains, request volume, latency and availability requirements.
  2. Architecture design — select providers, load balancing, redundancy.
  3. Subgraph development — manifest → schema → handlers → testing on local Graph Node → deploy to testnet → mainnet.
  4. Monitoring configuration — Tenderly alerts, Grafana dashboard, PagerDuty integration.
  5. Documentation and runbook — what to do when: subgraph falls behind, RPC downtime, node desync.
  6. Handover to operations — team training, access transfer, first month support.

What's Included

  • Deployment of managed or self-hosted Ethereum, Polygon, BNB Chain nodes
  • RPC layer setup with primary/fallback and load balancing
  • Subgraph development and deployment for your protocol
  • Monitoring connection (Tenderly, Grafana, alerts)
  • Runbook and operations documentation
  • Team training (up to 4 hours online)
  • 30-day support after delivery

Timeline

Task Duration
RPC and basic monitoring setup 1–2 weeks
Subgraph for one protocol 2–4 weeks
Self-hosted node with monitoring 2–3 weeks
Full infrastructure (multi-chain, monitoring, runbooks) 6–10 weeks

All projects are managed in a GitHub/GitLab repository with CI/CD; configuration code stays with you. Order infrastructure deployment — we'll show how to cut costs by 20–30% without losing reliability. Get a consultation — we'll demonstrate how we deployed infrastructure for a protocol with large TVL on Ethereum and Arbitrum. Contact us.