Skip to main content

Riot offers big 'bug bounties' for finding security flaws in Valorant's anti-cheat system

(Image credit: Riot Games)

Valorant is already a tremendously popular shooter, despite still being in very limited closed beta testing, but some gamers have expressed concerns about its Vanguard anti-cheat system. It's a two-part operation, consisting of a client that runs while Valorant is active, and an always-active kernel mode driver than loads at boot. It's pretty technical (you can get a deeper dive on it here), but the short version is that the presence of the kernel has led to worries about risks to security and privacy.

Earlier this week, Riot posted an explanation of what Vanguard is and why people don't need to worry about it, in Riot's view. Today, it followed that with a new message talking more about its approach to security in general and its "philosophy" toward Vanguard in particular, which it says will "help us achieve the vision of competitive integrity while enabling us to continuously adapt our arsenal in the war against cheaters."

"Vanguard does not collect or process any personal information beyond what the current League of Legends anti-cheat solution does," it said. "Riot does not want to know more about you or your machine than what is necessary to maintain high integrity in your game."

It also provided a general overview of how the system works:

  • Vanguard consists of three components: the client, driver, and platform.
  • The client (user-mode) handles all of the anti-cheat detections while a game is running.
  • The client needs to communicate with the platform to receive detections and in order for a player to be able to play.
  • The client does not consider a machine trusted unless it recognizes the driver; untrusted machines cannot play Valorant.
  • The driver (kernel-mode) is used by the client to validate memory and system state, and to make sure the client has not been tampered with.
  • The driver runs at start-up to prevent loading cheats prior to the client initialization. 
  • The driver can be uninstalled at any time (“Riot Vanguard” in Add/Remove Programs), although Valorant won’t run without it.
  • The driver does not collect or send any information about your computer back to us.
  • The driver has been signed by Riot’s own EV cert, which has in turn been signed by Microsoft as per their code signing process.

Riot also put its money where its mouth is (literally) by announcing an expansion of its HackerOne Bug Bounty program. Riot, like Valve, Rockstar, and Microsoft, offers cash rewards to anyone who discovers and reports security vulnerabilities in its services, and it has now expanded that program to include specific rewards for Vanguard.

"Alongside our new game Valorant, we have deployed our new anti-cheat solution Vanguard that leverages a kernel driver to combat cheaters more effectively," the HackerOne page says. "To reinforce our commitment to our players' security, we are offering special bounties for up to $100,000 for high quality reports that demonstrate practical exploits leveraging the Vanguard kernel driver."

There are various eligibility requirements in place and the details of each reported security flaw have to be hashed out with Riot, but as its reporting page says, "If Riot has to implement a code change to fix the security bug, it most likely qualifies for a bounty." Riot's regular bug bounty program, which has been running for six years (and, Riot said, has handed out nearly $2 million in bounties) will continue as usual.

Riot also expanded opportunities to get in on the Valorant closed beta, announcing earlier this week that access keys will now be granted through all Valorant streams on Twitch.

Andy covers the day-to-day happenings in the big, wide world of PC gaming—the stuff we call "news." In his off hours, he wishes he had time to play the 80-hour RPGs and immersive sims he used to love so much.