[Security] BouncyCastle Signer Thread Safety Violation #222
Description
Bug Name
BouncyCastle Signer Thread Safety Violation
Attack Scenario
PrivateKey class stores a single Signer instance as mutable field used in non-thread-safe sign() method. signer.update() and signer.generateSignature() are not atomic. SignatureGeneratorFactory creates a single shared instance.
Impact
If two threads call sign() concurrently on the shared PrivateKey instance, one thread's update() can interleave with another's generateSignature(), producing corrupted signatures. Could cause silent order failures or signature mismatches.
Components
File: clients/common/src/main/java/com/binance/connector/client/common/sign/PrivateKey.java lines 27, 90-93. Shared via SignatureGeneratorFactory at auth/SignatureGeneratorFactory.java:14-36.
Reproduction
- Create a multi-threaded application using the Java connector.
- Make concurrent signed requests from multiple threads.
- Intermittent signature corruption when threads interleave update()/generateSignature().
Fix
Either: make sign() synchronized, create a new Signer per call, or use ThreadLocal.
Details
Finding ID: HIGH-02
Severity: High
Researcher: Independent Security Researcher -- Mefai Security Team