Attacks exist in theory, particularly if implementation guidelines aren't followed. Such cases are implementation issues — not Payjoin protocol flaws. The Payjoin Dev Kit guides implementors to make misuse difficult.

While subtle attacks like dusting do occur on Bitcoin, probing Payjoin at scale is costly and practically limited.