Riot offers up to $100,000 in bounty for ‘Valorant’ security flaws

Anyone who can find vulnerabilities in Valorant’s anti-cheat system will receive some major bounties, according to Riot.

Cheating ruins the fun in any game, but in the world of online gaming, it is all the more rampant. Luckily, game developers are doing all they can in order to stop players from being able to cheat in a game. In fact, Activision just recently banned around 70,000 players that were found to be cheating on Call of Duty: Warzone.

However, time and time again, players are finding novel ways of going around a game’s security system. That is why developers have to work hard to prevent situations like that from happening. 

Riot integrates kernel-based Vanguard system onto Valorant

Even though it hasn’t launched yet and is just in its beta-phase, Valorant is already a popular tactical shooter game. Because of this, Riot Games is doing everything possible to safeguard its project from would-be cheaters.

The developers had integrated an anti-cheat system called “Vanguard,” and while their intentions might be good, players have become wary of its kernel-mode driver which loads as soon as one boots into Windows. 

Riot Games explains that such a system is necessary because there are numerous cheating softwares that makes use of kernel-mode drivers in order to avoid detection. Because kernel-mode drivers require higher privileges to access, regular applications are unable to detect them. 

According to Riot, Vanguard was originally planned for League of Legends and explains that they need such a system because there are players that apply cheating hacks prior to loading the anti-cheat system. 

“In the last few years, cheat developers have started to leverage vulnerabilities or corrupt Windows’ signing verification to run their applications (or portions of them) at the kernel level. The problem here arises from the fact that code executing in kernel-mode can hook the very system calls we would rely on to retrieve our data, modifying the results to appear legitimate in a way we might have difficulty detecting. We’ve even seen specialized hardware utilizing DMA1 to read and process system memory – a vector that, done perfectly, could be undetectable2 from user-mode,” Riot says in a blog post back in February

All-access pass to a player’s computer

Because the Vanguard system (vgk.sys) runs every time a player turns on his computer, many are concerned that the anti-cheat system would allow unauthorized users to gain administrative access in every players’ computers 

Riot seems to have confirmed this claim as fact and that they intend for the vgk.sys to run upon boot so that cheaters won’t be able to install cheats even before playing the game. However, the company explains that no user information is being gathered or sent when running the vgk.sys and that Riot doesn’t want to know more about players other than what is necessary to maintain the fairness of the game. 

Expanding HackerOne Bug Bounty Program

No system is ever truly perfect, and Riot knows that which is why the company will be offering big bounties to anyone who can find security vulnerabilities in its services. Any player who would be able to report possible weaknesses that could be exploited would receive around $100,000 depending on the quality of the reports. 

The HackerOne Bug Bounty has been in place for around six years now and has handed over $2 million in compensation for reported and proven security flaws. Now the company is expanding it to include Valorant, but not every report would be considered eligible. 

According to Riot, there are a number of eligibility requirements for a reported security flaw to be considered. However, if the developers have to change a code in order to fix a security flaw, then it would definitely be eligible for a bounty. 

Bounties could range from $25,000 to $100,000 depending on the severity of the security flaw reported. 


Images courtesy of Alexander Andrews/Unsplash and Valorant/Twitter

Micky is a news site and does not provide trading, investing, or other financial advice. By using this website, you affirm that you have read and agree to abide by our Terms and Conditions.
Micky readers - you can get a 10% discount on trading fees on FTX and Binance when you sign up using the links above.