Is there a vulnerability?

Maybe I am too paranoik but isn't there a vulnerability that some bad guys will send many requests to your server-side endpoint and this client will return responses for those dummy requests and spend all the money on account?