Reward for a found vulnerability in a state system

If I find and report a vulnerability in a state information system, but do so, for example, anonymously or under a pseudonym, will I be able to actually receive an official reward and how does this work from a legal perspective? Will I not have problems with the law if I independently search for vulnerabilities without the owner's permission, but without interfering with the system's operation?