What is the most challenging aspect of building onchain games?

skybreach

doing the right thing.
working hard.
being optimistic.
putting the team over the individual.
pushing boundaries with creativity.

Another thing (case specific): if this is not a FOCG, but you need user to sign a tx at the end of the session to store the game results on-chain, then you would need to validate the user session somehow to prevent abuse. We have built something like that for /skybreach that uses combination of SIWE, jwt and redis. Basically there's a server involved to record session start, then session end, validate it, then sign results with pk, return it to client and then client can pass it together with r,s,v to contract so it could validate further and store. Again it's very case specific, but it was quite time consuming thing to build securely.