When real money is at stake, competitive integrity isn't optional — it's the foundation. If leaderboard positions could be faked or manipulated, the entire platform falls apart. That's why Potly.Win invests heavily in anti-cheat systems that validate every single score before it counts.
We can't reveal every detail of how our detection works — that would give cheaters a roadmap. But we believe in transparency about the principles and general approach. Here's how we protect fair play.
Why Anti-Cheat Matters More Here
On a typical free browser game, cheating is annoying but ultimately harmless — the cheater gets a meaningless high score and moves on. On Potly.Win, a fake score could steal prize money from a legitimate player who earned their spot. That changes the stakes entirely.
It also has legal implications. As a skill-based contest platform, the legitimacy of our competitions depends on outcomes being determined by genuine player ability. If cheating could determine winners, the "skill" foundation weakens. Protecting competitive integrity isn't just good practice — it's a requirement.
Server-Side Score Validation
The most important principle in our anti-cheat approach is that the server has the final say. The game runs in your browser, but the score is validated on our servers before it's accepted. The client sends detailed game event data — not just a final number — and the server analyzes that data to determine whether the score is plausible.
This means manipulating the game in your browser isn't enough to post a fake score. The server checks whether the reported score is consistent with the reported game events, timing, and physics. If the math doesn't add up, the score doesn't count.
Session-Level Cryptographic Verification
Every game session starts with a handshake between your browser and the server. The server issues a unique session token and a signing key that's used to authenticate the score submission. This prevents common attacks like replaying a previous high-scoring session, submitting scores for sessions that never happened, or tampering with the score data in transit.
Each session is a one-time, authenticated event. Once it's submitted, the token is consumed and can't be reused.
Anomaly Detection
Beyond cryptographic checks, our system runs statistical analysis on every submitted score. It looks for patterns that don't match normal human play. Without getting into specifics, the system checks for things like scoring rates that exceed what's physically possible given the game mechanics, session durations that are suspiciously short or impossibly long, and statistical patterns that deviate significantly from the broader player population.
When a score triggers one or more anomaly flags, it gets held for manual review rather than being automatically rejected. We'd rather review a legitimate high score than accidentally reject one.
Note for skilled players: If you're significantly better than the average player, your scores might occasionally get flagged — especially early on when the player base is smaller and the statistical baselines are still forming. This is expected and doesn't mean you did anything wrong. Flagged scores are reviewed by a human, and legitimate scores are always approved.
Manual Review Process
Flagged sessions go into a review queue where a platform administrator examines the session data. The reviewer can see the game events, timing patterns, and the specific flags that were triggered. Based on this information, they either approve the score (it goes onto the leaderboard) or reject it (the score is removed and the leaderboard recalculates).
This human-in-the-loop approach is deliberate. Automated systems are good at catching obvious manipulation, but edge cases require judgment. A player who's genuinely exceptional shouldn't be punished by an algorithm that's never seen someone that good before.
Duplicate Account Detection
Prize pools are designed to reward the top 3 individual players. To prevent someone from creating multiple accounts to claim multiple prize positions, we track and cross-reference account data to identify duplicates. If duplicate accounts are detected competing on the same leaderboard, the accounts are flagged for review and may be banned.
What Happens If You're Caught Cheating
If a score is rejected during review, it's removed from the leaderboard and the prize pool standings are recalculated. If a pattern of cheating is established across multiple sessions, the account may be banned from the platform entirely. Every moderation action is logged in an audit trail for accountability.
We take a firm but fair approach: one suspicious score gets a review. Repeated attempts to manipulate the system result in a ban. The goal is to protect honest players, not to create a hostile environment.
An Ongoing Effort
Anti-cheat is never "done." As the platform grows and new games are added, the detection systems evolve to match. Each game has its own set of validation parameters tuned to its specific mechanics and scoring patterns. We continuously refine these systems based on real-world data and emerging patterns.
The bottom line: when you see a name above yours on the leaderboard, you can trust that they earned it the same way you're earning yours — through skill, practice, and fair play.