Open
Description
A user can ask for an OTP multiple times and reverse engineer your secret key, because he has all the elements of the hash: the phone number, the OTP, and the expiry timestamp appended to the hash.
Adding a salt when hashing would make the process much more secure.
https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
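
The salted variant proposed above, as an added example that is not part of the original issue or the project's code. It assumes the hash is HMAC-SHA256 over the phone number, OTP and expiry; the function names, field encoding and `mac.expires.salt` token layout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed key for this example; assumed to be 32 random bytes held server-side only.
SECRET_KEY = secrets.token_bytes(32)


def _mac(key, phone, otp, expires, salt):
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot produce the same input.
    msg = b"".join(
        len(part).to_bytes(2, "big") + part
        for part in (phone.encode(), otp.encode(), str(expires).encode(), salt)
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_token(phone, otp, ttl_seconds=300, key=SECRET_KEY, now=None):
    """Return 'mac.expires.salt'; the OTP itself reaches the user out of band."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    salt = secrets.token_bytes(16)  # fresh per request, returned alongside the hash
    return f"{_mac(key, phone, otp, expires, salt)}.{expires}.{salt.hex()}"


def verify_token(phone, otp, token, key=SECRET_KEY, now=None):
    """Recompute the MAC from the client-supplied fields and compare in constant time."""
    try:
        mac, expires_s, salt_hex = token.split(".")
        expires = int(expires_s)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed token
    if int(now if now is not None else time.time()) > expires:
        return False  # expired
    expected = _mac(key, phone, otp, expires, salt)
    # Compare as bytes so a non-ASCII client value cannot raise TypeError.
    return hmac.compare_digest(expected.encode(), mac.encode())
```

Because the salt and expiry are both covered by the MAC, changing either field in the returned token invalidates it; the key itself still has to be long and random, since every input except the key is visible to the client.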