Blockchain-Based Supply Chain Tracking System Development

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Blockchain-Based Supply Chain Tracking System Development
Complex
from 1 week to 3 months
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1348
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Most clients come to us with the same problem: their supply chain tracking systems are just a database with a web interface. The issue isn't technology but the architecture of trust: data is recorded by one party, and others are forced to believe it. When five parties from three countries are involved in the chain, this model breaks down. This is where blockchain solves a real problem: ensuring record immutability and public verifiability without a central arbitrator. Our team has many years of experience in blockchain development and has delivered over 15 projects in the supply chain space. For example, recording a single tracking event on Polygon costs about $0.005, which is incomparably cheaper than $5–10 on Ethereum mainnet. Polygon beats Ethereum by more than 1000x in transaction cost and by tens of times in finality speed. Gas for recording on a private Hyperledger Fabric network is fractions of a cent, e.g., $0.0001 per transaction.

How Blockchain Solves the Trust Problem in Supply Chain

Choosing a network is the first step. For corporate supply chains with a known set of participants, a permissioned network like Hyperledger Fabric or Besu in IBFT mode is better suited. A public blockchain via L2 (Polygon, Base) is justified when public verifiability is important, e.g., for QR scanning by consumers.

What to Store On-Chain vs. Off-Chain

The main mistake of beginner projects is trying to store everything on-chain. Result: expensive, slow, redundant. Rule: only document hashes, actor identifiers (addresses), timestamps, statuses (enum), and merkle roots of data batches are stored on-chain. Off-chain storage includes photos, PDF certificates, detailed sensor readings, and large JSON objects. A link to the storage (IPFS CID) and the content hash are recorded on-chain. IPFS provides decentralized storage with hash verification.

Why IPFS instead of the cloud? Cloud storage is tied to a single provider—a single point of failure. IPFS is decentralized: data is duplicated across many nodes, accessible by hash, and integrity is verified cryptographically. For supply chains, this guarantees that no participant can retroactively alter a product's history.
// Tracking event: lightweight on-chain, details in IPFS
struct TrackingEvent {
    bytes32 batchId;          // Batch/lot ID
    bytes32 dataHash;         // keccak256 of the full JSON event
    string  ipfsCid;          // CID of full data in IPFS
    address actor;            // who records (verified participant)
    EventType eventType;      // PRODUCED, SHIPPED, RECEIVED, INSPECTED, SOLD
    uint256 timestamp;
    bytes32 locationHash;     // hash of GPS coordinates (for privacy)
}

enum EventType { PRODUCED, SHIPPED, RECEIVED, INSPECTED, CERTIFIED, SOLD }

mapping(bytes32 => TrackingEvent[]) public batchHistory;
mapping(bytes32 => bool) public authorizedActors;

event BatchEvent(
    bytes32 indexed batchId,
    EventType indexed eventType,
    address indexed actor,
    bytes32 dataHash,
    string ipfsCid
);

function recordEvent(
    bytes32 batchId,
    bytes32 dataHash,
    string calldata ipfsCid,
    EventType eventType
) external {
    require(authorizedActors[keccak256(abi.encode(msg.sender, eventType))], 
        "Not authorized for this event type");
    
    TrackingEvent memory evt = TrackingEvent({
        batchId: batchId,
        dataHash: dataHash,
        ipfsCid: ipfsCid,
        actor: msg.sender,
        eventType: eventType,
        timestamp: block.timestamp,
        locationHash: bytes32(0)
    });
    
    batchHistory[batchId].push(evt);
    emit BatchEvent(batchId, eventType, msg.sender, dataHash, ipfsCid);
}

Managing Participant Access with DID

In a supply chain, there are several types of actors: producer, logistician, customs, retailer, inspector. Simple Ownable is not suitable—a role-based system with delegation is needed. W3C DID Core is a standard for decentralized identity. Each participant has a DID linked to their smart contract addresses. Participant verification (KYB) happens off-chain through accredited verifiers who issue Verifiable Credentials (VC).

// VC verification when registering a participant
import { Resolver } from 'did-resolver'
import { getResolver as ethrResolver } from 'ethr-did-resolver'
import { verifyCredential } from 'did-jwt-vc'

async function verifyParticipantCredential(
  vcJwt: string,
  participantAddress: string
): Promise<boolean> {
  const resolver = new Resolver({
    ...ethrResolver({ infuraProjectId: process.env.INFURA_ID })
  })

  const result = await verifyCredential(vcJwt, resolver)

  // Check that VC was issued by an accredited verifier
  const trustedIssuers = await getTrustedIssuers()  // from smart contract
  if (!trustedIssuers.includes(result.issuer)) {
    return false
  }

  // Check that VC belongs to this address
  return result.verifiableCredential.credentialSubject.ethereumAddress
    .toLowerCase() === participantAddress.toLowerCase()
}

Role-Based Access with Time Windows

A participant may have the right to record events only during a specific period (e.g., cargo transit time):

struct ActorPermission {
    bytes32 role;           // PRODUCER_ROLE, SHIPPER_ROLE, etc.
    uint256 validFrom;
    uint256 validUntil;
    bytes32[] allowedBatches;  // empty array = all batches
}

mapping(address => ActorPermission[]) public permissions;

function isAuthorized(
    address actor,
    bytes32 role,
    bytes32 batchId
) public view returns (bool) {
    ActorPermission[] storage perms = permissions[actor];
    for (uint i = 0; i < perms.length; i++) {
        if (perms[i].role == role &&
            perms[i].validFrom <= block.timestamp &&
            perms[i].validUntil >= block.timestamp) {

            if (perms[i].allowedBatches.length == 0) return true;

            for (uint j = 0; j < perms[i].allowedBatches.length; j++) {
                if (perms[i].allowedBatches[j] == batchId) return true;
            }
        }
    }
    return false;
}

How to Integrate IoT with Blockchain?

Sensor data must land on-chain automatically and immutably. This is an architectural problem: an IoT device cannot sign Ethereum transactions directly (no RAM, no battery for EVM-class cryptography). We use a Gateway + Oracle pattern: an edge gateway aggregates sensor data, signs it, publishes to IPFS, and an oracle service sends the transaction to the smart contract.

# Oracle service: verification and recording of sensor event
from web3 import Web3
from eth_account import Account
import ipfshttpclient

async def process_sensor_reading(gateway_id: str, payload: dict, signature: str):
    # 1. Verify gateway signature
    message = encode_defunct(text=json.dumps(payload, sort_keys=True))
    recovered = w3.eth.account.recover_message(message, signature=signature)

    gateway_address = await get_registered_gateway(gateway_id)
    if recovered.lower() != gateway_address.lower():
        raise ValueError("Invalid gateway signature")

    # 2. Publish to IPFS
    async with ipfshttpclient.connect() as ipfs:
        cid = ipfs.add_json(payload)

    # 3. Record on-chain
    data_hash = Web3.keccak(text=json.dumps(payload, sort_keys=True))

    tx = tracking_contract.functions.recordSensorEvent(
        payload['batch_id'].encode(),
        data_hash,
        cid,
        EventType.SENSOR_READING
    ).build_transaction({
        'from': oracle_account.address,
        'nonce': w3.eth.get_transaction_count(oracle_account.address),
        'maxFeePerGas': await get_gas_price(),
    })

    signed = oracle_account.sign_transaction(tx)
    tx_hash = w3.eth.send_raw_transaction(signed.rawTransaction)
    return tx_hash.hex()

For high trust requirements, we use an HSM (Hardware Security Module) directly in the device. The Microchip ATECC608 is an inexpensive chip with an ECC key pair that cannot be extracted. The device signs data with a key that is physically protected from compromise.

Example: Pharmaceutical Supply Chain

Consider a pharmaceutical supply chain (FDA DSCSA compliance requires electronic tracking). Main events:

  • Event 1: Production — record batch ID, date, composition, CoA hash. A QR code with batchId is generated.
  • Event 2: Shipment — the logistician scans the QR, records carrier ID, tracking number, temperature range.
  • Event 3: Customs Clearance — record declaration, status, inspector ID.
  • Event 4: Receipt — date, physical inspection, discrepancies. Hash verification.
  • Event 5: Sale to consumer — the consumer scans the QR and sees the full history.

How We Do It: 5 Steps

  1. Business process analysis — identify key events, participant roles, and data entry points.
  2. On/Off-chain model design — determine what to store on blockchain vs. IPFS.
  3. Smart contract development — implement tracking, role system, and access control.
  4. IoT and ERP integration — configure gateway, oracle, and API for ERP/WMS.
  5. Pilot and deployment — test with real data, train participants.

Network Selection

Parameter Public L2 (Polygon/Base) Hyperledger Fabric Besu (IBFT)
Public verifiability Yes No No
Cost per write ~$0.001–$0.01/tx Almost 0 Almost 0
Finality speed 2–5 sec < 1 sec 2–5 sec
Access control Smart contracts Native channel/MSP Smart contracts
Regulatory requirements Public blockchain Private network Private network

Development Phases

Phase Duration Result
Design 2–3 weeks Business process analysis, on/off-chain data model
Smart contracts 3–4 weeks Tracking contracts, role system, tests
Oracle + IoT 3–4 weeks Gateway integration, oracle service, IPFS pipeline
API & Dashboard 3–4 weeks REST/GraphQL API, admin panel, consumer verifier
Integration & Pilot 2–4 weeks ERP/WMS integration, pilot

The most time-consuming phase is integration with participants' legacy ERP systems, not blockchain development.

What's Included

Smart contracts: event tracking, role system, access control. Backend: API for ERP/WMS integration, oracle service for IoT data processing. Dashboard: admin panel and consumer-facing product verification module. Documentation: architecture diagram, API specification, deployment guide. Training: training for key participants in the chain. Support: warranty service and optional extension.

Contact us to evaluate your project. Order end-to-end supply chain tracking development.

Blockchain Infrastructure Deployment: Nodes, RPC, Indexing

Subgraph fell at 3:47 AM. By morning users saw outdated balances, transactions "hung" in the UI, support received 47 tickets in an hour. Cause: the handler in the subgraph failed on a transaction with a non-standard event log — and the entire index stopped. We have encountered such situations dozens of times. Our experience shows: blockchain infrastructure does not forgive gaps in observability. Guaranteeing uptime without multi-layered monitoring and fault-tolerant architecture is impossible. Over 8 years working with Ethereum, Polygon, and Solana, we have developed an approach that allows predictable deployment of infrastructure of any scale — from a single node to a multichain grid with dozens of subgraphs.

RPC Layer Architecture

Every dApp interaction with the blockchain goes through RPC — the JSON-RPC API provided by a node. Three options:

Managed providers — Alchemy, QuickNode, Infura, Ankr. Minimal operational costs, SLA, built-in monitoring. Limits: rate limits (Alchemy Free: 300 RU/sec), vendor lock, potential downtime during provider incidents. For most projects — the right choice at the start.

Self-owned nodes — full control, no rate limits, no third-party dependence. Cost: archive Ethereum node requires 2.5–3TB SSD, a strong server, and DevOps support. Sync from scratch on Ethereum via Geth/Nethermind — 3–7 days. Justified under high load or latency requirements.

Hybrid — self-owned node as primary, managed provider as fallback. Standard for protocols with high TVL. Proper load balancing can reduce costs by 20–30% compared to pure managed setup. Under high monthly request volume, hybrid saves significantly.

Provider Strength Limitation
Alchemy Supernode, Enhanced APIs, webhooks Expensive on high-volume
QuickNode Low latency, multi-chain More expensive than Alchemy on basic plan
Infura Historical reliability Rate limits on free, one major incident halted half of DeFi
Ankr Cheap, 40+ chains Less stable

How to Set Up an RPC Layer Without a Single Point of Failure?

At least two providers, DNS round-robin with health check every 5 seconds, automatic fallback when latency >500 ms. In practice, this gives 99.99% availability during any provider failure. For protocols with high TVL, we recommend a custom HA-proxy (nginx or Envoy) in front of two managed providers.

Why Is a Hybrid RPC Scheme More Cost-Effective Than Pure Managed?

At high request volumes, managed providers can be very expensive; a hybrid using a self-owned node as primary and a managed fallback cuts costs significantly without losing SLA.

Ethereum Node Clients

Execution clients: Geth (most used), Nethermind (C#, fast sync), Besu (Java, enterprise), Erigon (fastest sync, efficient archive mode ~2TB instead of 3TB).

Consensus clients (post-Merge): Lighthouse (Rust), Prysm (Go), Teku (Java), Nimbus (Nim). Each node after The Merge requires a pair of execution + consensus clients.

For DevOps: eth-docker — Docker Compose configurations for all client combinations. Setting up monitoring via Grafana + Prometheus is mandatory; a standard dashboard is available in each client's repository.

The Graph: Event Indexing

The Graph Protocol — decentralized indexing. A subgraph describes which events from which contracts to index and how to transform them into a GraphQL schema.

Subgraph structure:

  • subgraph.yaml — manifest: contract addresses, startBlock, events to handle
  • schema.graphql — GraphQL schema of entities
  • src/mapping.ts — AssemblyScript event handlers
dataSources:
  - kind: ethereum
    name: UniswapV3Pool
    network: mainnet
    source:
      address: "0x88e6A0c2dDD26FEEb64F039a2c41296FcB3f5640"
      abi: UniswapV3Pool
      startBlock: 12370624
    mapping:
      eventHandlers:
        - event: Swap(indexed address,indexed address,int256,int256,uint160,uint128,int24)
          handler: handleSwap

AssemblyScript handlers — not TypeScript. No nullable types, no closures, no many standard APIs. An error in the handler stops the subgraph indexing on that transaction. Important: add try-catch for operations that can fail (e.g., store.get() for an entity that may not exist).

How to Avoid Subgraph Indexing Stops?

Graph Node logs are monitored in real-time; on hasIndexingErrors = true an alert fires and an automatic node restart (via systemd or Kubernetes). Typical downtime on error — 150–300 seconds to recover. Additionally, for production we set up a watchdog that restarts Graph Node if subgraph lag exceeds 50 blocks.

Choosing Between Hosted Service and Decentralized Network

Graph Hosted Service (free, centralized) is deprecated in favor of Subgraph Studio + Graph Network. For production: deploy on Graph Network with GRT curation signal — the subgraph gets indexers proportional to curation.

Alternatives to The Graph: Ponder (TypeScript, self-hosted, easier to debug), Envio (ultra-fast indexer, supports EVM + non-EVM), Subsquid (TypeScript, own network), Moralis Streams (managed, webhook-based). Our experience shows: for high-load projects with unique logic, Ponder or Envio are more effective — they give full control over the process and do not require GRT tokenomics.

Webhooks and Real-Time Notifications

Alchemy Webhooks and QuickNode Streams allow receiving events in real-time via HTTP webhook or WebSocket. For monitoring addresses, new transactions, mints — this is faster than polling RPC.

Tenderly — platform for monitoring and alerts. You can set up an alert for a specific contract event, balance change, function call with certain parameters. Transaction simulation via Tenderly API is invaluable for debugging.

Monitoring and Observability

Minimum monitoring stack for a protocol:

On-chain: OpenZeppelin Defender Sentinel — watches contract events, triggers webhook or Autotask when conditions are met. Forta Network — community-maintained bots detect anomalies (large withdrawals, flash loans, governance attacks).

Infrastructure: Grafana + Prometheus for nodes, Datadog or Grafana Cloud for managed metrics. Alerts on: node is 10+ blocks behind, RPC latency >500ms, subgraph lag >100 blocks.

Uptime: Better Uptime or PagerDuty on RPC endpoint and subgraph health endpoint (The Graph provides _meta { hasIndexingErrors, block { number } }).

Why Is Monitoring Without Tenderly Insufficient?

Tenderly provides transaction simulation and detailed traces — critical for debugging subgraph and smart contract errors. Forta focuses on network anomalies, not your infrastructure. The combination of Tenderly plus a custom Grafana dashboard covers 90% of incident scenarios.

Multichain Infrastructure

A protocol on 5 chains = 5 separate RPC endpoints, 5 subgraphs, 5 monitoring configs. Manageable but requires deployment automation.

For subgraph multi-network deployment: graph deploy --network mainnet, graph deploy --network arbitrum-one etc. with a unified codebase and network-specific addresses in separate config files.

Chainlink CCIP and LayerZero for cross-chain messaging require monitoring of both chains and transactions on intermediate relayers. A reorg on the source chain after a confirmed mint on the target chain is a classic bridge problem. Solution: wait for finality (on Ethereum ~15 minutes after Merge for economic finality) before confirming on the target chain.

Infrastructure Setup Process

  1. Audit current stack — determine chains, request volume, latency and availability requirements.
  2. Architecture design — select providers, load balancing, redundancy.
  3. Subgraph development — manifest → schema → handlers → testing on local Graph Node → deploy to testnet → mainnet.
  4. Monitoring configuration — Tenderly alerts, Grafana dashboard, PagerDuty integration.
  5. Documentation and runbook — what to do when: subgraph falls behind, RPC downtime, node desync.
  6. Handover to operations — team training, access transfer, first month support.

What's Included

  • Deployment of managed or self-hosted Ethereum, Polygon, BNB Chain nodes
  • RPC layer setup with primary/fallback and load balancing
  • Subgraph development and deployment for your protocol
  • Monitoring connection (Tenderly, Grafana, alerts)
  • Runbook and operations documentation
  • Team training (up to 4 hours online)
  • 30-day support after delivery

Timeline

Task Duration
RPC and basic monitoring setup 1–2 weeks
Subgraph for one protocol 2–4 weeks
Self-hosted node with monitoring 2–3 weeks
Full infrastructure (multi-chain, monitoring, runbooks) 6–10 weeks

All projects are managed in a GitHub/GitLab repository with CI/CD; configuration code stays with you. Order infrastructure deployment — we'll show how to cut costs by 20–30% without losing reliability. Get a consultation — we'll demonstrate how we deployed infrastructure for a protocol with large TVL on Ethereum and Arbitrum. Contact us.