Counterfeit certificates are rampant. Supply chain data is scattered across disparate ERP systems and unverifiable by third parties. A consumer cannot confirm that an 'organic product' is truly organic. We solve this with blockchain architecture—we build the system turnkey, from design to deployment.
Blockchain alone does not solve data authenticity—data entered into a smart contract is input by humans. If incorrect data is entered, blockchain only guarantees immutability, not accuracy. A proper certification system architecture understands where blockchain truly helps and where it does not.
The Problem Blockchain Solves
Blockchain provides transparency and immutable records. In a traditional system, a supply chain involves many participants, each running their own ERP. During an audit or consumer complaint, data is reconciled manually—taking weeks and enabling fraud. Smart contracts automatically record each event: batch release, transfer, quality check, certificate revocation. Any participant (including consumers) can independently verify the history. Verification takes seconds, not weeks—saving up to 70% audit time.
Advantages of a Hybrid Network
Corporate participants often require commercial data confidentiality (prices, volumes). A purely public blockchain exposes all data, which is unacceptable. Private networks (Hyperledger Besu, Quorum) ensure privacy but lose trustless guarantees. A hybrid network—private network for operational data + anchoring hashes on a public blockchain—gives the best of both worlds. Hybrid network reduces data storage costs fivefold compared to a fully public network. We use this architecture in most enterprise projects.
Architectural Solutions
Network Selection
For supply chain systems with corporate participants, two classes of solutions fit:
Public networks (Polygon, Avalanche, Base)—transparency for the end consumer. Anyone can verify data via a block explorer. Downside: all data is public, which may be unacceptable for B2B data about counterparties and prices. Performance of such networks is typically up to 200 TPS.
Permissioned networks (Hyperledger Besu, Quorum, Fabric)—participant privacy, high performance (up to 10,000 TPS, 50 times higher than public), fixed set of validators. Suitable for consortia. Downside: loss of trustless guarantees characteristic of public networks.
Hybrid network: private network for operational data + anchoring hashes on a public blockchain for auditability. The optimal choice for most enterprise cases.
Product Identifiers
The standard is GS1 EPCIS 2.0 for supply chain events. Each physical object gets a unique identifier (EPC—Electronic Product Code) linked to an on-chain record:
contract ProductRegistry {
struct ProductBatch {
bytes32 batchId; // hash from GS1 GTIN + lot number + expiry
address certifiedBy; // certifying authority account
bytes32 documentHash; // IPFS CID in bytes32
uint256 certifiedAt;
CertificationLevel level;
bool revoked;
}
enum CertificationLevel {
ORIGIN_DECLARED, // seller declared origin
AUDITOR_VERIFIED, // independent auditor verified
LAB_TESTED, // lab tests confirmed
CERTIFIED // full certification completed
}
mapping(bytes32 => ProductBatch) public batches;
mapping(bytes32 => bytes32[]) public batchEvents; // event chain
// only accredited certifiers
mapping(address => bool) public certifiers;
modifier onlyCertifier() {
require(certifiers[msg.sender], "Not authorized certifier");
_;
}
function certifyBatch(
bytes32 batchId,
bytes32 documentHash,
CertificationLevel level
) external onlyCertifier {
batches[batchId] = ProductBatch({
batchId: batchId,
certifiedBy: msg.sender,
documentHash: documentHash,
certifiedAt: block.timestamp,
level: level,
revoked: false
});
emit BatchCertified(batchId, msg.sender, level);
}
function revokeCertification(bytes32 batchId, string calldata reason)
external onlyCertifier
{
require(batches[batchId].certifiedBy == msg.sender, "Not your cert");
batches[batchId].revoked = true;
emit CertificationRevoked(batchId, reason);
}
}
NFT vs. SFT vs. Fungible Token
We use different token types for batch certification. Comparison:
| Token Type | Use Case | Product Examples |
|---|---|---|
| ERC-721 (NFT certificate) | Each batch unique, need to distinguish all batches | Wine, luxury items |
| ERC-1155 (Semi-fungible) | Units within a batch identical, batches differ; partial transfer possible | Most goods (organic, pharma) |
| ERC-20 (Fungible) | Bulk/liquid goods without fixed batches | Grain, oil |
Learn more about standards in Ethereum documentation.
Chain of Events (Custody Transfer)
Each product movement in the supply chain is recorded as an event. Events form an auditable trail:
contract SupplyChainEvents {
struct CustodyEvent {
bytes32 batchId;
address from; // previous owner / producer
address to; // next owner / distributor
bytes32 locationHash; // hash of GPS coordinates or warehouse address
bytes32 conditionsHash; // hash of IoT data (temperature, humidity)
uint256 timestamp;
EventType eventType;
}
enum EventType {
PRODUCED,
QUALITY_CHECKED,
PACKAGED,
SHIPPED,
CUSTOMS_CLEARED,
RECEIVED,
RETAIL_LISTED,
SOLD
}
event CustodyTransferred(
bytes32 indexed batchId,
address indexed from,
address indexed to,
EventType eventType
);
}
Storing raw location and storage condition data on-chain is expensive. The proper pattern: data → IPFS/Arweave → data hash on-chain. A verifier downloads data from IPFS and checks the hash matches the on-chain record.
IoT Integration
Physical sensors (temperature during transport, humidity in warehouse) are crucial for food & pharma. Problem: IoT devices cannot sign Ethereum transactions due to limited compute resources.
Architectural solution—oracle pattern:
IoT Device → Edge Gateway → Oracle Service → Smart Contract
Edge Gateway collects data from devices, aggregates it, and sends it via a secure channel to an oracle service (Chainlink, API3, or custom). The oracle writes data on-chain with a trusted operator’s signature.
For IoT data trust: TEE (Trusted Execution Environment) on the edge gateway—Intel SGX or ARM TrustZone. Data is signed inside the isolated environment, and a proof of TEE execution can be verified on-chain. This approach is 3x more reliable than traditional manual logging.
Consumer Verification
A QR code on the product encodes the batchId. The consumer scans the QR and sees:
- Certification status (level, authority, date)
- Full custody chain from producer to shelf
- Documents (certificates, lab analyses) on IPFS
- Whether the certificate was revoked
- Ethereum certification details via block explorer
This is implemented as a static site or mobile app that reads data directly from the blockchain via JSON-RPC or via The Graph (for more complex queries).
Access Control and Accreditation
A critical component is managing who can write certification records. Options:
| Model | Suitable For | Risks |
|---|---|---|
| Centralized whitelist | Pilot projects | Single point of trust |
| DAO governance | Open ecosystems | Slow decision making |
| Accreditation body on-chain | Regulated industries | Requires off-chain legality |
| Multi-sig committee | Consortium | Participant coordination |
For regulated industries (organic food, pharma), the optimal model is where national accreditation bodies manage the on-chain list of authorized certifiers. This creates a bridge between the traditional regulatory system and blockchain.
How We Do It: Step-by-Step Process
- Requirements analysis: study business processes, number of participants, product types. Identify critical points where blockchain brings maximum benefit (e.g., 70% reduction in verification time, up to 40% audit savings, cost savings of $30,000 per year).
- Architecture design: select network (hybrid or public), design smart contracts, integration with ERP and IoT.
- Development and code audit: write smart contracts in Solidity 0.8.x, test with Foundry, run security audit (Slither, Mythril).
- Deployment and configuration: deploy in the chosen network, set up oracle, develop consumer web interface.
- Support and refinement: monitoring, updating smart contracts, team training.
Typical project investment: $50,000–$150,000, with ongoing support starting at $5,000/month.
Deliverables
Upon project completion, you receive:
- Audited smart contract source code
- API and architecture documentation
- Configured oracles and consumer verifier
- Team training
- 3 months post-deployment support
Contact us for a consultation—we will assess your project and propose the optimal solution.
Why Choose Us?
Our team has over 10 years of experience in blockchain development, delivered 50+ successful projects, and been on the market for 5 years. Our engineers have published audits for open-source projects and contributed to ERC standard development. We accompany every project through all stages.







