So, because the nonce is created client-side, the client can just pre-compute as many valid hashes as they need.<p>Also, it's non-deterministic right? So you could potentially have someone waiting years for the hash to be solved?<p>Looks like you're essentially trying to rate-limit submissions. I think a signed timestamp would achieve this without wasting any cpu cycles, and wouldn't require any javascript.
This also protects against users that have mobile phones and older systems.<p>Also, the hashes are valid for 24 hours. Bots only need to pay the cost once per day.