New item is added to map here:

A malicious user can send separate subscription messages without exceeding websocket_max_accounts limit and can subscribe infinite number of accounts. In fact, a persisted account in current_tracked_accounts map never gets deleted without explicit unsubscribe message from client.

Rather than a fix just for this bug, my suggestion would be a change in the design how WebSocket connections are handled in general. I believe keeping state is a bad idea and it leads to bugs like this very easily.

After removing tracked_accounts state saved in tracking_db, I propose following algorithm:

• Keep a global map for account tracking (will call it G)
  • Let keys be accounts
  • Let values be the list of IP address that tracks this account in key
• When the proxy server loses connection to the node, close all client connections and empty G. Clients needs to keep their own account list anyway and should subscribe again on re-connect.
• When a client wants to subscribe
  • Check G
    • Add the client to the list of IPs that tracks this account.
    • If this client is the first client that tracks this account:
      • update the subscription with accounts_add option.
• When a client wants to unsubscribe
  • Check G
    • Remove the client from the list of IPs that tracks this account.
    • If this is the last client that tracks this account:
      • update the subscription with accounts_del option.

Sounds like a valid approach. I think the reason for why I saved this in persistent storage was to be able to restart the proxy server without messing up client's current subscriptions. But it's like you say, the client should reconnect with their account list anyway when reconnecting. I will try to fix this as soon as possible, thanks!