Riot Games, developers of League of Legends and new FPS game Valorant, are offering large cash rewards for anyone who can identify crucial flaws in their anti-cheat system, Vanguard.
Valorant uses a new anti-cheat system called Vanguard, which has caused controversy among players after it was discovered it runs immediately from start-up on users’ systems.
This is done to avoid would-be cheaters loading up hacks before the anti-cheat protections have initialized. This ensures that the client “has not been tampered with” and any “untrusted machines” cannot play Valorant at all.
This caused debate, as there were concerns that the anti-cheat was too invasive, running constantly in the background even when not playing Valorant.
Riot trumpeted their plans to combat all forms of hacking and cheating prior to the release of the closed beta, but it didn’t take long for the inevitable to happen, and on day three the first account was banned.
$100K to help Riot tackle cheaters
In their battle to stop cheaters, Riot Games are now offering up to $100,000 to anyone who can provide “high-quality reports that demonstrate practical exploits leveraging the Vanguard kernel driver.”
The bounty is being offered on HackerOne, a platform where developers can ask for the help of experienced techie’s to expose flaws in their security, with some money to be made.
Riot’s offering of $100,000 is absurdly large, at least by the standards of other game devs. Kotaku reports that Nintendo, for example, offered up to a maximum of $20,000 for finding flaws with the 3DS and Switch consoles. Rockstar Games offer up to $10,000 for tip-offs on GTA’s and Red Dead Redemption’s anti-cheat.
If you reckon it’s something you could help with, Riot has given some tips for what is required in the reports to increase your chance of earning the bounty. These include “easy-to-follow reproduction steps” and not accessing or modifying any player data, if it is inadvertently stumbled upon.
It’s also important that any findings are not disclosed publicly or to anyone outside of Riot, otherwise becoming ineligible for the bounty reward. The minimum on offer is $250, and the basic criteria is “if Riot has to implement a code change to fix the security bug, it most likely qualifies for a bounty.”