Various GraphQL implementation do not bother de-duplicating repeating fields in GraphQL, allowing the user to multiply the same requested fields as they wish.
This causes extra load on the server to return the same fields over and over again.
There are a few ways in which this issue can be mitigated:
Field De-Duplication can be achieved by using a middleware function to traverse the schema and remove any duplications, or simply analyze repeating patterns in order to reject the query.
Query Cost Analysis will be beneficial against these attacks, since each field will ultimately result in increased cost.