In GraphQL, it is possible to run multiple queries without needing to batch them together.
If batching is disabled, you could build a query composed of multiple aliases calling the same query or mutation, if the server is not analyzing the cost of the query, it will be possible to overwhelm the server's resources by using expensive queries using aliases.
Query Middleware is needed to identify the use of aliases in order to make a decision (reject/allow) based on your business logic.
Query Cost Analysis will be beneficial against these attacks, since each query will ultimately result in increased cost.