A blockchain-based anti-counterfeiting system for pharmaceuticals relies on a digital twin for each physical product. This is typically a unique, cryptographically secure identifier—like a serial number or a hash of product data—anchored on-chain. The core smart contract logic manages the lifecycle of this identifier, recording its creation at the manufacturing facility and every subsequent transfer of custody. This creates an immutable audit trail from producer to patient, where any attempt to introduce a product with a duplicate or invalid identifier is immediately detectable by the system.
LABS
Guides
How to Design a Smart Contract System for Anti-Counterfeiting
A technical guide for developers on implementing a smart contract system to enforce business logic and cryptographic verification for pharmaceutical supply chain security.
Chainscore © 2026
introduction
PHARMA SUPPLY CHAINS
How to Design a Smart Contract System for Anti-Counterfeiting
A technical guide to implementing a blockchain-based verification system for pharmaceutical products using smart contracts.
The system architecture requires multiple smart contracts working in concert. A central Registry Contract acts as the source of truth, mapping product identifiers to their current state and owner. Factory Contracts, deployed by or permissioned for authorized manufacturers, are the only entities allowed to mint new product tokens. Verifier Contracts contain the business logic for stakeholders (distributors, pharmacies, regulators) to check a product's provenance. Using a modular design with role-based access control (e.g., OpenZeppelin's AccessControl) is critical for security and scalability.
For implementation, a common pattern is to use non-fungible tokens (NFTs) or semi-fungible tokens (ERC-1155) to represent individual product units or batches. Each token's metadata should include essential track-and-trace data: manufacturing date, batch number, expiration, and storage conditions. Off-chain data can be stored in a decentralized system like IPFS or Arweave, with the content hash stored on-chain. The smart contract must enforce rules, such as preventing a token from being transferred back to a previous owner in the supply chain, which could indicate fraud.
Here is a simplified Solidity code snippet for a product verification function in a Verifier contract:
solidityfunction verifyProduct(uint256 productId) public view returns ( address manufacturer, address currentOwner, bool isGenuine ) { // Fetch the token's owner from the Registry address owner = registry.ownerOf(productId); // Check if the token was minted by an authorized Factory address mintingFactory = registry.getMinter(productId); bool authorized = factoryRegistry.isAuthorized(mintingFactory); return (mintingFactory, owner, authorized && owner != address(0)); }
This function allows any participant to cryptographically verify a product's legitimacy by checking its on-chain provenance.
Integrating with the physical world requires secure data onboarding. Each product unit needs a scannable tag (QR code, NFC, or RFID) linked to its on-chain ID. Manufacturers must write the initial data, and each supply chain actor must scan and sign a transaction to update the product's location and custody. Oracles like Chainlink can be used to bring verified external data, such as IoT sensor readings for temperature during transport, onto the blockchain, adding another layer of verifiable integrity to the product's history.
Key considerations for deployment include choosing the right blockchain (permissioned chains like Hyperledger Fabric may suit consortia, while public layer-2s like Polygon offer transparency), managing gas costs for millions of products, and ensuring regulatory compliance with standards like the U.S. Drug Supply Chain Security Act (DSCSA). The end goal is a system where a consumer can scan a medicine package and receive cryptographically assured proof of its authentic journey through the supply chain.
prerequisites
FOUNDATION
Prerequisites and Tech Stack
Building a robust anti-counterfeiting system on-chain requires a solid technical foundation. This section outlines the core knowledge and tools needed to design and implement a secure smart contract solution.
Before writing any code, you need a firm grasp of Ethereum smart contract development. This includes understanding the Solidity programming language (version 0.8.x or later for security features), the EVM execution model, and key concepts like state variables, functions, and events. Familiarity with common ERC standards is crucial, particularly ERC-721 for non-fungible tokens (NFTs) and ERC-1155 for multi-token contracts, as these form the backbone of most digital asset systems. You should also understand gas optimization and the security considerations unique to public blockchains.
Your development environment will consist of several key tools. Use Hardhat or Foundry as your development framework for compiling, testing, and deploying contracts. For local testing and simulation, Ganache provides a personal Ethereum blockchain. You'll need a wallet like MetaMask for interaction and a node provider service such as Alchemy or Infura to connect to mainnet and testnets. Version control with Git is essential, and a basic understanding of a front-end library like ethers.js or web3.js is needed to build the interface that mints and verifies your assets.
The core logic of an anti-counterfeiting system revolves around provenance and immutable verification. Your smart contract must securely record the origin and entire lifecycle of a physical or digital item. This is typically achieved by minting a unique NFT that is cryptographically linked to the real-world asset. The contract needs functions to: - Mint tokens with authenticated metadata. - Update status (e.g., transfer ownership, mark as verified). - Provide a public verification method that returns a cryptographic proof of authenticity, such as a hash of the asset's unique identifier stored on-chain.
For advanced features, consider integrating oracles and zero-knowledge proofs (ZKPs). A decentralized oracle like Chainlink can be used to bring verified off-chain data on-chain, such as supply chain logistics updates or official registry checks. For privacy-sensitive verification where you need to prove authenticity without revealing underlying data, ZK-SNARK circuits (using libraries like circom and snarkjs) can be implemented. These technologies add significant complexity but enable powerful use cases like verifying a luxury good's authenticity without disclosing its serial number publicly.
Finally, a comprehensive testing and security audit strategy is non-negotiable. Write extensive unit and integration tests using Hardhat's testing environment or Foundry's Forge. Simulate various attack vectors, including reentrancy, front-running, and authorization bypasses. Before any mainnet deployment, your contract code should undergo a professional audit by a reputable security firm. Tools like Slither or MythX can be used for automated static analysis during development to catch common vulnerabilities early in the process.
system-architecture
SYSTEM ARCHITECTURE AND CORE CONTRACTS
How to Design a Smart Contract System for Anti-Counterfeiting
A guide to architecting a decentralized, on-chain system for verifying the authenticity and provenance of physical goods using smart contracts.
A robust anti-counterfeiting system requires a modular architecture centered on a single source of truth. The core is a factory contract that deploys unique, non-fungible tokens (NFTs) representing individual products. Each NFT's metadata should be stored on a decentralized protocol like IPFS or Arweave to ensure immutability. This contract acts as the canonical registry, mapping a product's serial number or unique identifier to its on-chain token and immutable metadata URI. Off-chain, each physical item must have a tamper-evident NFC chip or QR code that links directly to this on-chain record.
The factory contract must implement strict access control, typically using OpenZeppelin's Ownable or AccessControl libraries, to restrict minting privileges to verified manufacturers. A critical design pattern is the two-step minting process: first, a batch of token IDs is pre-registered with minimal data, and second, each token is fully minted and assigned to an end-user only upon a verified purchase or activation event. This prevents inventory from being fully minted and controlled by the manufacturer, aligning token ownership with physical possession. Events like ProductRegistered and TokenMinted should be emitted for off-chain indexing.
Provenance tracking is implemented through an immutable token transfer history. Every change of custody, from manufacturer to distributor to end-user, is recorded on-chain as an NFT transfer. For high-value goods, consider a custodial escrow contract that holds the NFT until payment and logistics are confirmed. The system should also include a verification contract with a simple verifyAuthenticity(uint256 tokenId) function that returns the token's current owner, full mint history, and a boolean status, providing a public interface for anyone to check an item's legitimacy.
To combat sophisticated fraud, integrate on-chain verification of physical markers. This can be done via oracles like Chainlink, where a trusted entity attests to the verification of a physical security feature, or through zero-knowledge proofs (ZKPs) where a physical scan generates a proof verifiable on-chain without revealing the underlying data. For example, a manufacturer could sign a message with a private key embedded in a product's secure element, and the smart contract verifies this signature. This creates a cryptographic link between the physical and digital twins.
Finally, design for upgradability and interoperability. Use a proxy pattern (e.g., Transparent Proxy or UUPS) for your core logic contracts to allow for security patches and feature additions without losing state. Ensure your NFT implements standards like ERC-721 or ERC-1155 to guarantee compatibility with major marketplaces and wallets. The system's effectiveness depends on the integration ecosystem—partner APIs for distributors, a user-friendly dApp for verification, and clear documentation for supply chain partners are essential for real-world adoption.
key-concepts
ANTI-COUNTERFEITING
Key Smart Contract Patterns for Supply Chain
Designing a secure and verifiable system to combat product fraud using on-chain provenance, tokenization, and decentralized verification.
05
State Machine for Product Lifecycle
Model the product's journey as a finite state machine within the contract. Define clear states (e.g., Manufactured, InTransit, AtCustoms, InWarehouse, Sold) and the allowed transitions between them. Each state change is a transaction signed by an authorized party (using AccessControl).
Benefits:
- Enforces a valid sequence of events (a product cannot be
Soldbefore it isManufactured). - Provides a clear, auditable status for any stakeholder.
- Allows the contract to execute logic specific to a state (e.g., releasing payment to a distributor upon transition to
InWarehouse).
state-machine-implementation
SMART CONTRACT DESIGN
Implementing the Product State Machine
A state machine is a core pattern for managing the lifecycle of a physical product on-chain, providing a transparent and immutable audit trail to combat counterfeiting.
A product state machine models the lifecycle of a physical item as a series of distinct, predefined states. Common states include MANUFACTURED, AUTHENTICATED, IN_TRANSIT, DELIVERED, and SOLD. Each state transition is triggered by a specific, authorized action, such as a manufacturer minting an NFT or a logistics provider confirming shipment. This design ensures the product's history is tamper-proof and verifiable by anyone, directly addressing counterfeiting by making unauthorized state changes impossible.
The smart contract must enforce role-based access control (RBAC) to govern who can trigger each transition. For example, only an address with the MANUFACTURER_ROLE can mint a new product NFT and set its initial state to MANUFACTURED. A LOGISTICS_ROLE might be required to update the state to IN_TRANSIT. This is typically implemented using libraries like OpenZeppelin's AccessControl. Without proper RBAC, the state machine's integrity is compromised, as any actor could falsely mark a fake item as authentic.
Here is a simplified Solidity code snippet illustrating the core structure:
solidityenum ProductState { MANUFACTURED, AUTHENTICATED, IN_TRANSIT, DELIVERED, SOLD } mapping(uint256 => ProductState) public productState; bytes32 public constant LOGISTICS_ROLE = keccak256("LOGISTICS_ROLE"); function shipProduct(uint256 productId) external onlyRole(LOGISTICS_ROLE) { require(productState[productId] == ProductState.AUTHENTICATED, "Must be authenticated"); productState[productId] = ProductState.IN_TRANSIT; emit ProductShipped(productId, msg.sender); }
This function ensures only authorized logistics partners can log a shipment, and only if the product is in the correct previous state.
To be effective, the on-chain state must be linked to the physical world. This is achieved through oracles and unique identifiers. A cryptographic hash of the product's serial number or a QR code can be stored in the NFT's metadata. Off-chain events, like a warehouse scan, can be relayed via a trusted oracle like Chainlink to trigger the DELIVERED state. For high-value goods, physical NFC chips with unique cryptographic keys can sign messages to prove physical possession, creating a robust, hybrid proof-of-physicality.
The final state, SOLD, should be triggered by a transfer of the NFT representing the product's ownership. However, the state machine's history remains permanently on-chain, separate from the NFT's ownership. This allows a new owner to verify the complete, immutable provenance of their asset. Auditors or customers can query the contract to see the entire sequence of states and the authorized addresses that triggered them, providing a powerful tool for supply chain transparency and consumer trust.
When designing your system, consider gas costs for frequent state updates and explore Layer 2 solutions like Polygon or Arbitrum for scalability. The state machine pattern is foundational for supply chain NFTs, luxury goods authentication, and pharmaceutical track-and-trace. By making the product's journey transparent and unforgeable, you create a significant barrier for counterfeiters who rely on opaque supply chains.
ownership-and-transfer-logic
GUIDE
How to Design a Smart Contract System for Anti-Counterfeiting
This guide explains how to build a blockchain-based system to verify product authenticity using smart contracts, focusing on ownership transfer and access control patterns.
Anti-counterfeiting systems on blockchain rely on creating a non-fungible token (NFT) for each physical product. This token acts as a digital twin or certificate of authenticity, immutably recording its provenance on-chain. The core design challenge is managing the lifecycle of this token to mirror the real-world product's journey, from manufacturer to end consumer. This requires implementing secure and logical rules for ownership transfer and restricting who can perform critical actions through access control.
The most critical function is the transferOwnership mechanism. A naive implementation using a standard NFT's transferFrom is insufficient, as it allows any holder to send the token freely, enabling forgery. Instead, implement a state-machine pattern where the token progresses through defined statuses like Minted, Shipped, ReceivedByRetailer, and SoldToConsumer. Transitions between states should be permissioned. For example, only the manufacturer's wallet (using a onlyManufacturer modifier) should be able to initiate a transfer from Minted to Shipped, updating the token metadata with logistics data.
Implement robust access control using OpenZeppelin's libraries. Use Ownable for single-admin functions like pausing the contract or updating the metadata schema. For role-based logic, employ AccessControl. Define roles like MANUFACTURER_ROLE, DISTRIBUTOR_ROLE, and RETAILER_ROLE. A transferToDistributor function would then be restricted with onlyRole(DISTRIBUTOR_ROLE). This ensures each entity in the supply chain can only execute actions appropriate to their part in the product's journey, preventing unauthorized state changes.
Incorporate proof-of-receipt to prevent repudiation. When a distributor receives a shipment, they must call a confirmReceipt function, signing the transaction with their private key. This on-chain signature acts as cryptographic proof that they accepted the goods. The smart contract logic should enforce that a token cannot be transferred to the next entity (e.g., a retailer) until the current holder has confirmed receipt. This creates an auditable chain of custody that is verifiable by end-users scanning a product's QR code.
For the consumer experience, design a final sale and lock mechanism. A finalizeSaleToConsumer function, callable only by a RETAILER_ROLE, transfers the token to the buyer's wallet and permanently locks it from further transfers. This lock, achieved by overriding the _beforeTokenTransfer hook in an ERC721 contract to revert if the token is in a Sold state, makes the token a permanent proof of ownership. The consumer can then use a dApp to view the complete, tamper-proof history from manufacture to their purchase.
cryptographic-verification
SMART CONTRACT DESIGN
Adding Cryptographic Proofs for Authentication
This guide explains how to design a smart contract system that uses cryptographic proofs to authenticate physical goods, providing a robust foundation for anti-counterfeiting solutions.
A smart contract-based anti-counterfeiting system anchors the authenticity of a physical item to a unique, on-chain cryptographic proof. The core principle is to create a digital twin for each manufactured product, represented by a non-fungible token (NFT) or a unique identifier stored in a registry contract. This digital record is cryptographically linked to a physical marker on the item, such as a QR code, NFC chip, or serial number. The smart contract acts as the single source of truth, allowing anyone to verify an item's provenance and ownership history by checking the immutable blockchain ledger.
The authentication process relies on a challenge-response protocol executed via the smart contract. When a user scans a product's QR code, their wallet or a dApp frontend generates a cryptographic signature of the scanned data. This signature, along with the product's unique identifier, is sent to the verification contract. The contract checks if the provided signature corresponds to the authorized manufacturer's or current owner's public key stored on-chain. A successful match returns a verified status, while a mismatch or a revoked identifier flags a potential counterfeit. This method ensures verification does not rely on a centralized database vulnerable to tampering.
For implementation, a basic ERC-721 or ERC-1155 contract is often used to manage the lifecycle of authentic products. Key functions include mintAuthentic(uint256 productId, address owner) for the manufacturer to create a new authenticated item, verifyOwnership(uint256 productId, bytes memory signature) for on-chain verification, and transferAuthenticity(uint256 productId, address newOwner) to update custody. It's critical that the mintAuthentic function is restricted to a privileged MANUFACTURER_ROLE using OpenZeppelin's AccessControl to prevent unauthorized issuance of authenticity tokens.
To link the physical and digital worlds securely, the system must incorporate tamper-evident physical markers. A common pattern is to encode a product's serial number and a blockchain address (or token ID) into a QR code. The corresponding private key for signing should be securely stored, often using a hardware security module (HSM) at the manufacturing facility. The on-chain contract stores the hash of this encoded data. During verification, the scanned data is hashed client-side and the resulting hash is checked against the on-chain record, proving the physical token matches the digital one.
Advanced designs can incorporate zero-knowledge proofs (ZKPs) for enhanced privacy and scalability. For instance, a ZK-SNARK can prove that a user possesses a valid signature for an authentic product identifier without revealing the identifier or signature itself on-chain. This allows for batch verification of multiple items or enables privacy-preserving authentication for high-value goods where revealing a specific token ID publicly might be a security concern. Frameworks like Circom and libraries such as snarkjs can be used to generate and verify these proofs in a Solidity contract.
Finally, consider the system's lifecycle and upgrade paths. Use a proxy pattern (e.g., Transparent Proxy or UUPS) for your verification contract to allow for bug fixes and improvements without losing state. Implement a revocation mechanism, such as a mapping of revokedProductIds, to handle recalls or discovered counterfeits. By combining immutable on-chain proofs, secure off-chain signing, and optional privacy layers, you can build a resilient anti-counterfeiting system that significantly raises the barrier for fraud.
DESIGN PATTERNS
Core Contract Functions and Authorization
Comparison of access control models for key functions in an anti-counterfeiting smart contract system.
| Function / Role | Owner-Only (Simple) | Multi-Sig (DAO/Governance) | Role-Based Access Control (RBAC) |
|---|---|---|---|
Register Authentic Product | |||
Mint & Issue NFT Token | Authorized Minter Role | ||
Update Product Metadata | Governance Vote | Metadata Manager Role | |
Pause/Unpause System | Multi-Sig (2/3) | Security Admin Role | |
Revoke Counterfeit Token | Governance Vote | Compliance Officer Role | |
Upgrade Contract Logic | Multi-Sig (3/5) | Upgrade Admin Role | |
Set Royalty Fee (0-10%) | Governance Vote | Financial Admin Role | |
Gas Cost for Admin Action | $5-20 | $50-200 | $10-50 |
handling-exceptions-recalls
SMART CONTRACT DESIGN
Handling Exceptions: Recalls and Quarantine
A robust anti-counterfeiting system must have mechanisms to handle compromised or fraudulent items after minting. This guide explains how to design smart contract functions for product recalls and quarantine.
In a physical supply chain, a recall is a reactive measure to remove defective or dangerous products from circulation. In a blockchain-based anti-counterfeiting system, a recall is a proactive, on-chain action that permanently invalidates a token's provenance. This is typically implemented by moving the token's state to a RECALLED status within the smart contract, which should prevent its further transfer or verification in any legitimate application. Unlike a simple burn, a recall maintains an immutable record of the action, providing an audit trail for regulators and consumers.
A quarantine function serves a different purpose: it temporarily suspends a token's status pending investigation. This is crucial for handling suspected counterfeits or items with disputed ownership. The contract logic should allow a trusted authority (e.g., the brand owner or a decentralized governance module) to place a token in a QUARANTINED state. While quarantined, the token cannot be transferred or used to claim rewards, but its history remains intact. This creates a "cooling-off" period for manual review or automated oracle checks before a final decision is made.
Here is a simplified Solidity example showing state management for these functions:
solidityenum TokenState { ACTIVE, QUARANTINED, RECALLED } mapping(uint256 => TokenState) public tokenState; function quarantineToken(uint256 tokenId) external onlyAuthorized { require(tokenState[tokenId] == TokenState.ACTIVE, "Invalid state"); tokenState[tokenId] = TokenState.QUARANTINED; emit Quarantined(tokenId, msg.sender); } function recallToken(uint256 tokenId) external onlyAuthorized { tokenState[tokenId] = TokenState.RECALLED; emit Recalled(tokenId, msg.sender); }
The onlyAuthorized modifier restricts these powerful functions to predefined admin addresses or a DAO. Every state change must emit an event for off-chain monitoring.
Integrating these states into your verification logic is critical. Any dApp or marketplace that checks your product's authenticity must query the tokenState before approving a transaction. For example, a secondary sale contract should include: require(tokenState[tokenId] == TokenState.ACTIVE, "Item not eligible for transfer");. This ensures recalled items are frozen across the entire ecosystem, not just in your primary contract. Consider using the ERC-721 or ERC-1155 standard's approval mechanisms in conjunction with these custom states.
For decentralized systems, consider implementing a timelock or multi-signature requirement for the recallToken function, as it is a destructive, irreversible action. The quarantineToken function could be governed by a lighter, faster mechanism, such as a vote from a panel of verified brand ambassadors. Always document the recall and quarantine policies clearly for end-users, perhaps by storing a URI pointer to the policy document in the token metadata, ensuring transparency about the rules governing their digital asset.
SMART CONTRACT DESIGN
Frequently Asked Questions (FAQ)
Common technical questions and solutions for developers building anti-counterfeiting systems on-chain.
The core architecture typically involves a factory contract that mints a unique NFT or SBT (Soulbound Token) for each physical product. This token acts as a non-transferable digital twin. The system's logic is enforced by a verification contract that allows anyone to check a product's authenticity by scanning a QR code or NFC tag, which calls a function to validate the token's existence and metadata against a secure registry. Key components include:
- Immutable Product Registry: A mapping of serial numbers to token IDs and manufacturer addresses.
- Proof-of-Origin Minting: Only authorized manufacturer wallets can mint tokens via the factory.
- Permissioned Transfers: If using NFTs, transfers may be restricted to authorized resellers via an allowlist to maintain chain of custody.
resource-links
GUIDE
Development Resources and Next Steps
Practical resources and design components for building a smart contract system that detects and prevents counterfeit physical or digital goods using onchain verification.
conclusion
DEPLOYMENT
Conclusion and Production Considerations
This guide has outlined the core components of an on-chain anti-counterfeiting system. Transitioning from a proof-of-concept to a production-ready application requires addressing several critical considerations.
Before mainnet deployment, a comprehensive security audit is non-negotiable. Engage specialized firms to review your smart contracts for vulnerabilities like reentrancy, access control flaws, and logic errors. For systems using ERC-1155 or ERC-721, ensure compliance with standards and test edge cases for minting, burning, and transferring tokens. Use tools like Slither or MythX for preliminary analysis, but rely on a formal audit for the final review. Budget for this as a core development cost, not an afterthought.
System architecture must scale with adoption. If tracking millions of physical items, evaluate gas costs for minting and verification. Consider a layer-2 solution like Arbitrum or Polygon for high-volume, low-cost transactions, while keeping the cryptographic root (like the Merkle root of your product database) anchored on Ethereum Mainnet for security. Implement an off-chain indexer or subgraph to efficiently query token metadata and ownership history, as on-chain queries can be slow and expensive for dApp frontends.
Define clear upgradeability and governance paths. While immutable contracts are ideal for trustlessness, business requirements may change. Use transparent proxy patterns (e.g., OpenZeppelin's UUPS) if upgrades are necessary, with a multi-signature wallet or DAO controlling the upgrade function. Document a key management policy for admin wallets and any private keys used in the supply chain signing process, utilizing hardware security modules (HSMs) or managed services for production secrets.
Finally, plan for real-world integration. The smart contract is just one component. Successful anti-counterfeiting requires robust off-chain systems: secure APIs for manufacturers to register products, mobile SDKs for end-user verification scans, and partnerships with logistics providers to attach on-chain identifiers to physical goods. The bridge between the physical item and its digital twin is the most critical—and often the most vulnerable—link in the system.