We have a game written in javascript and therefore running in the browser of our users. The goal of the game is to pass as many obstacles as possible. Being a Jump&Run game, the mechanics are fairly easy.
We aim to save the achieved score of the user to the blockchain. For the time being we choose Ethereum.
To not dilute the decentralised nature of blockchain based solutions we want to keep the communications between the blockchain and the game purely on the clients side.
The problem to solve is to prevent the manipulation of the score before initiating the transaction of it to the blockchain.
The client can potentially intercept the variables used to temporarily store the score and manipulate them before they are used to prepare the transaction. To see how transaction are prepared, please read here. To read more about potential attack vectors, read here.
Economic Incentives: Implement a tokenomics system where players have to stake (lock) a certain amount of cryptocurrency to submit a score. If the score is found to be fraudulent through community verification or other means, they lose their stake.
Delayed Score Verification: Create a system where submitted scores are regularly checked by an external (off-chain) validation service. This requires the submission of not only the game score itself but additional data useful for validation. This can be: time between obstacles, speed of keyboard input, browser metadata or similar metrics to recreate and replay a gaming session. Reading from the smart contract does not cost Gas. So the external service can be maintained by the Gaming Company. Flagging potential manipulated submission will cost Gas and is subject to discussion about who is paying this fee.