DiscordSRV

Code verification doesn't have rate limiting

sbienkow opened this issue · 1 comments

commented

I was able to try all 9000 code combinations without any issues - the bot just kept replying "I don't know of such a code, try again.".

There should be some sort of rate limiting - i.e. if someone enters an incorrect code 5 times in a row, further messages from him won't be processed for some time (i.e. 5 minutes), next 5 wrong - 30 minutes, next 5 - a few hours or something.
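The escalating lockout proposed in the comment above, sketched as an added example that is not part of the thread and is not DiscordSRV's code. The class and method names are hypothetical, and 3 hours is an assumed value for "a few hours".

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: escalating lockout for wrong link codes. All names are hypothetical. */
public class CodeAttemptLimiter {
    private static final int MAX_FAILURES = 5; // wrong codes allowed before each lockout
    // 5 and 30 minutes come from the proposal; 3 hours is an assumed value for "a few hours".
    private static final Duration[] LOCKOUTS = { Duration.ofMinutes(5), Duration.ofMinutes(30), Duration.ofHours(3) };

    private static final class State {
        int failures;                        // wrong codes since the last lockout or success
        int tier;                            // index of the next lockout duration
        Instant lockedUntil = Instant.MIN;   // never locked yet
    }
    private final Map<String, State> byUser = new ConcurrentHashMap<>();

    /** True if a message from this Discord user id should be ignored right now. */
    public boolean isLocked(String userId, Instant now) {
        State s = byUser.get(userId);
        if (s == null) return false;
        synchronized (s) { return now.isBefore(s.lockedUntil); }
    }

    /** Record a wrong code; returns the lockout just imposed, or Duration.ZERO. */
    public Duration recordFailure(String userId, Instant now) {
        State s = byUser.computeIfAbsent(userId, k -> new State());
        synchronized (s) {
            if (++s.failures < MAX_FAILURES) return Duration.ZERO;
            Duration d = LOCKOUTS[Math.min(s.tier, LOCKOUTS.length - 1)]; // stay at the last tier
            s.failures = 0;
            s.tier++;
            s.lockedUntil = now.plus(d);
            return d;
        }
    }

    /** A correct code clears the user's history, so only failures "in a row" count. */
    public void recordSuccess(String userId) { byUser.remove(userId); }

    public static void main(String[] args) {
        CodeAttemptLimiter limiter = new CodeAttemptLimiter();
        Instant t = Instant.parse("2020-01-01T00:00:00Z"); // constructed timestamp
        for (int i = 1; i <= 15; i++) {
            Duration d = limiter.recordFailure("user-1", t); // "user-1" is a constructed id
            if (!d.isZero()) { System.out.println("attempt " + i + ": locked for " + d); t = t.plus(d); }
        }
    }
}
```

A caller would check `isLocked` before looking at the message and call `recordFailure` only when the submitted code matches nothing. Keying the state on the sender's Discord user id means one account's failures never lock out anyone else.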

commented

This assumes that:

  1. People have a reason to act as someone else
  2. People attempting to verify have just decided to not verify themselves for however long it takes you to input all of those combinations (because Discord does have built-in rate limiting for messages)

This would just introduce more complexity that really isn't that necessary. Besides, this probably will only serve to be an annoyance to users who can't figure out the token system.

That being said, I'll ask if this would be appropriate for DSRV2, and defer the decision for DSRV's implementation of this to Scarsz.