Riot is flexing its anticheat Vanguard by placing a bounty of up to $100,000 for anyone brilliant enough to find and report gaps in the system
Riot's anticheat, Vanguard, is a pretty sturdy system in the world of competitive multiplayer online gaming. Well, it would have to be—otherwise, Riot probably wouldn't offer $100,000 to anyone who could seriously pick it apart.
The bounty system has been in place pretty much since Valorant was first launched a few years ago, but the idea still stands, and also seems like a great way to make a quick buck—if you're smart enough. It's all part of a continued effort to strengthen the anticheat software. Riot is reaching out to the "security research community" to "help us quickly repair security problems." If you manage to successfully identify new issues, particularly really severe ones, you can head over to Riot's bounty program on HackerOne to report said issue and wait for a reward.
"If you’re able to help us protect our players and their data by responsibly identifying new security issues for us to fix, you are awesome, and we want to reward you," the bug bounty reads. "Qualifying bugs will be rewarded based on severity. Our minimum reward is $250 USD. Rewards are granted entirely at the discretion of Riot. Publicly disclosing your bug without coordinating with us may lead to being ineligible for a bounty. We will judge this on a case-by-case basis."
Alerting Riot to "non-traffic volume based denial of service," like a vulnerability that can crash a game server with an application and prevent a target client from joining games, is worth $5,000-$10,000. You could also get $1,000-$4,000 for issues that affect players in multiple game sessions, or $500-$2,500 when it only affects players in your game session.
Then there are DDoS issues that can "identify and target individual players," such as an exploit that connects a player's IP address with their Riot ID without them being in-game, or a problem that allows "targeted in-game session disconnection." Exposing either of these issues can be worth up to $100,000.
There are more rewards on offer for finding vulnerabilities in Riot's infrastructure, and cheats or exploits in Riot games, but the bounties on these are slightly smaller. Before you get too carried away, it’s worth noting that Valorantgameplay bugs won't be accepted and should just be reported to player support.
It's not a complete coincidence that Riot's bounty system has returned to the spotlight after all these years, as many are using it as a way to get a dig in at Call of Duty and its current flawed anticheat, Ricochet. As some players just ask Call of Duty to "fight back", Twitch partner IceManIsaac jokes, "Activision is offering up to 100 COD Points to anyone that finds a replacement to their anticheat system, Ricochet."
Although Activision has just reported another significant banwave, with 19,000 accounts affected, players are still finding some significant drawbacks to Ricochet, namely its bad habit of shadowbanning innocent players.
But even though Ricochet may not be as effective as Vanguard, players still take issue with both anticheat systems. Vanguard and Ricochet both use kernel-mode drivers. These will start up with Windows and run even when you're not playing any Call of Duty or Riot games. They’ll look at other drivers and can even block them from running if there's a known vulnerability that could compromise the client. That said, since Vanguard was released alongside Valorant, there have been a few updates that have improved its performance, meaning it blocks fewer programs now.
After Vanguard's League of Legends rollout, there were multiple complaints about the anticheat messing up hardware. However, Riot Games has previously said it cannot "confirm any instance of Vanguard bricking anyone's hardware."
So it's clear Vanguard isn't perfect, and while it does seem to be performing better than Ricochet at the moment (or else Riot is careless with its bounty money), we've established it's a pretty low bar. But just because it may not be the worst anticheat system around doesn't mean you shouldn't try and chase the grand prize and earn some sweet cash.