Security for play-to-earn action game


So I'm making a play-to-earn game. It is a web game, and its logic runs on the user's machine. After the player finishes a session, the game will call the following mint function:

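// Import paths assume OpenZeppelin Contracts 4.x.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract GoldCoin is ERC20, Ownable, ReentrancyGuard {
    uint256 public maxSupply = 200000000 * 10 ** decimals();
    // Earliest timestamp at which each address may mint again.
    mapping(address => uint256) public canClaimDate;
    // keccak256 hash of the keyword the game client sends with each mint.
    bytes32 private answer = 0x7b2be995daa5546c8be8af8968994a3e99baa3aba4c69818b3abbd9c8a9af88a;

    constructor() ERC20("Gold Coin", "GC") {
        _mint(msg.sender, 100000000 * 10 ** decimals());
    }

    function mint(uint256 amount, string memory _pass) public nonReentrant {
        require (amount <= 1000, "suspicious amount detected");
        require (keccak256(abi.encodePacked(_pass)) == answer, "keyword doesn't match, stop trying to cheat and do some good in the world");
        require (block.timestamp >= canClaimDate[msg.sender], "24 hours haven't passed");
        // Revert when this mint would push the total supply past maxSupply
        // (the comparison was inverted, which made every call below the cap revert).
        require (totalSupply() + amount <= maxSupply, "max supply exceeded");
        canClaimDate[msg.sender] = block.timestamp + 1 days;
        _mint(msg.sender, amount);
    }
}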
What I'm currently doing:

  • Limiting the amount of tokens that can be minted in a single function call, to what would be possible by playing.
  • Asking for a keyword that will be sent from the game, so it is more difficult to mint directly from the block explorer.
  • Limiting the minting to once per day, per player.

I know all this can be circumvented. What other measures would you put in place?
Passing all the logic through blockchain is not realistic for an action game, only for turn-based games.
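
An added illustration, not part of the original post, of why the keyword check in `mint(uint256 amount, string _pass)` provides no secrecy: the arguments are ABI-encoded into the public transaction input, so the first legitimate mint publishes the keyword regardless of the hash stored on-chain. The selector and keyword below are constructed placeholders, not values from the contract.

```python
# Added example: ABI layout of the arguments to mint(uint256 amount, string _pass).
# All sample values are constructed; the 4-byte selector is a placeholder.

WORD = 32  # ABI word size in bytes


def encode_mint_args(amount: int, password: str) -> bytes:
    """Encode (uint256, string) the way the ABI lays them out in calldata."""
    data = password.encode("utf-8")
    padded = data + b"\x00" * (-len(data) % WORD)
    # Head: the amount, then the byte offset of the dynamic string (two words in).
    head = amount.to_bytes(WORD, "big") + (2 * WORD).to_bytes(WORD, "big")
    # Tail: string length, then the right-padded UTF-8 bytes.
    tail = len(data).to_bytes(WORD, "big") + padded
    return head + tail


def decode_mint_args(args: bytes) -> tuple[int, str]:
    """Recover (amount, _pass) from the argument bytes, with bounds checks."""
    if len(args) < 2 * WORD:
        raise ValueError("truncated head")
    amount = int.from_bytes(args[:WORD], "big")
    offset = int.from_bytes(args[WORD:2 * WORD], "big")
    if offset + WORD > len(args):
        raise ValueError("string offset out of range")
    length = int.from_bytes(args[offset:offset + WORD], "big")
    start = offset + WORD
    if start + length > len(args):
        raise ValueError("string length out of range")
    return amount, args[start:start + length].decode("utf-8")


PLACEHOLDER_SELECTOR = bytes(4)          # stands in for the real function selector
CONSTRUCTED_KEYWORD = "example-keyword"  # constructed, not the contract's keyword


def constructed_tx_input() -> bytes:
    """Transaction input as it would appear on-chain for one mint call."""
    return PLACEHOLDER_SELECTOR + encode_mint_args(750, CONSTRUCTED_KEYWORD)


def keyword_as_seen_by_observer(tx_input: bytes) -> tuple[int, str]:
    """What anyone reading the chain sees after skipping the selector."""
    return decode_mint_args(tx_input[4:])


if __name__ == "__main__":
    print(keyword_as_seen_by_observer(constructed_tx_input()))
```
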