The @1shotapi team found a interesting failure mode while experimenting with @PayPal's $PYUSD for x402 payments which in hindsight may have been obvious. Unlike $USDC, PYUSD (which is a @Paxos implementation) does not revert when calling `transferWithAuthorization` with a used nonce. So if facilitator/validation logic does explicitly check for a used nonce onchain, the facilitator will tell the server that the tx is valid, and `/settle` will spend gas processing a transaction that does not transfer PYUSD but instead simply emits a `AuthorizationAlreadyUsed` event, which would let a customer use the paywalled API for free unless the facilitator is inspecting the emitted events. This also presents an potential corner case for high-throughput uses cases for this type of implementation where a malicious user might send a large volume of x402 payments with the same nonce to a server, all of which would verify even if doing an onchain read, and the facilitator would end up paying the gas for bad txs that won't transfer PYUSD and also will not revert before inclusion in a block. The only way for a facilitator to protect against this is to keep an offchain record of submitted nonces AND check that a `Transfer` event was emitted in the final settlement so that paywalled APIs aren't circumvented. We'd be interested to here from x402 protocol contributors on this.