Valorant Dev Tracker

It's similar to web security bounties, reports are eligible for a reward if they lead to a change in the software to address the reported flaw.

So for example if a researcher reports a way to defeat the mechanism that ensures that the game client executable hasn't been modified and in response we make a change to fix the attack (by improving the mechanism) they'd be eligible for a reward.

On the other hand if a researcher created a general purpose AI that could play the game impossibly well by using a keyboard and mouse that report is unlikely to be eligible for a reward since there's no improvements we can make.

Though this would be the least of their (and our) worries as the tac shooter robot uprising would soon begin likely destroying human civilization.

Yeah, the need to play sounds for enemies even if you can't see them does weaken the Fog of War system, especially if a sound visualizing hack is used.

Sorry for the inconvenience! If we find a way to support cloud gaming services without weakening our anti-cheat protections we're definitely open to supporting them. We don't have any plans for this right now though.

Because pushing you out of a safe position in to something like a Vandal trained on you is a deadly threat. It takes threat of death to force repositioning - you can soak a Diva arrow, but Raze is about small area, high threat position clearing

We're working on it! It's not anti-cheat related though, it's because of how our netcode works.

What's happening is that the game is sending a packet every frame (sometimes more) to try and maximize game responsiveness. However, if your frame rate gets high enough the amount of packets can overwhelm your router (or your upstream bandwidth).

The workaround for now is just what you suggest (turning the FPS limiter on) but in an upcoming patch we'll have a fix that reduces the number of packets sent so that we don't accidentally crush routers.

Well said!

I wouldn't say that it's fine exactly but I don't think the measure of success is whether or not there can be cheats, instead it's what impact cheats are having on the game as a whole.

I'm hoping to get the bans as close to the detection as possible, even terminating a match if a player in it is detected. Sometimes there will be a delay because the cheater will be detected by some offline processing but I believe that where possible cheaters should be removed quickly.

It's a balancing act though because each ban gives cheat developers more information about what is detected and what is not, that's one reason that banwaves are a thing. Sometimes a banwave makes sense to try for maximum disruption of a cheat developer's operation.

We'll probably use both strategies but I'm going to advocate for immediate bans as much as possible because I want to remove cheaters from the environment before they damage any more matches.

Yeah, having anti-tamper technology is important but it's definitely not all we're doing!

Support tickets are great for bugs because the support agents know how to route the reports to the right developers. Other than that I know that devs are reading the bug megathread so that's another decent spot!

Edit: I'm pretty sure we've received other reports of this map bug, I heard someone mention it today so if I'm not confused we're working on a fix at the moment.

This is a tough one because one of the functions of the enemy outlines is to make the enemies easier to distinguish against the environment.

I'm talking to game designers and our art team about possibilities here, maybe we can figure out something that's good for humans and bad for pixel bots.

Yes, definitely! Riot Vanguard is very similar to ESEA's anti-cheat in some ways, one of the anti-cheat devs from ESEA works at Riot on Vanguard now.

Yes! We've got a bug bounty program on hackerone, it's entering its 7th year I think, for a little while at the beginning I was one of its admins. We accept reports on anti-cheat topics as well as more traditional application security reports.

Yes! We reward bug bounties for information on weaknesses in our anti-cheat technology as well as game bugs that can lead to exploits.

Oh sure, while I'm a little disappointed, I've never really expected the security work to be foolproof. The work over the last few years has really just set the stage for all the hard work that's to come. I hope that all this preparation will situate us well to respond to cheats going forwards.

I'm not really the brains of the outfit, I'm just the member of the team that's happy to talk to everyone. While I built some cool things (it's why I keep going on about Fog of War) the rest of the team are the real brains trust.

There're plenty of people both inside Riot and in the hacker community that are smarter than me but that's ok, working with (and against) really smart people is how I push my limits, learn things and just generally grow :)

Thanks for the kind words, I'll keep at it!

It looks like in this video the cheat is drawing the last known player locations on the screen, but you can see that they're wrong/obsolete until just before they come around the corner.

One way to tell is in a lot of the clips the enemy wallhack symbols teleport just before the engagement. This is because that's when the server had decided that the player needs that location information.

The fog of war system is dramatically reducing the effectiveness of the ESP here but as you can see there are still possible improvements we could make.

I've got a big article about how this system is built that I hope to release next week that goes into some more details.

thanks for the report, we're investigating

This will be fixed later today I hope!

It is easier to take down cheats that we're familiar with. I'm happy for you to DM me with any cheats you think I should see.

It's already in scope! I'm looking at some reports right now. If the documentation hasn't been updated we'll update it soon.

Definitely considered it and I bet it'll be annoying for cheaters (I love the invisible mining node story from WoW) but it's a lot of work so we haven't implemented anything like this yet.