What is the best way to implement ad-supported prizes? I think it is to create a container and then open that container after a rewarded ad is completed.
What gives me pause is that it seems like that is vulnerable to hacking because the opening necessarily originates from the client.
However, the determination of whether or not they watched a rewarded ad, itself, originates from the client. Thus everything that descends from this determination is, to some extent, "fruit of the poisonous tree", right?
Still, until thinking about ad-support, I was able to keep everything server-authoritative. So I'm checking that nobody's thought of a better way.
Is creating a container and opening it from the client the best way to generate an ad-supported prize?