Since webhook events are verified by sending them completely to the payment processor and then waiting for the result, a malicious user could create fake webhook events that are very very large, thus decreasing overall network speed.
If the webhook event is large enough it could even cause the app to go out of memory, because the event is parsed fully.
It seems that payment processors also don't really have a maximum allowed size for the webhook event before they close the connection.
Since webhook events are verified by sending them completely to the payment processor and then waiting for the result, a malicious user could create fake webhook events that are very very large, thus decreasing overall network speed.
If the webhook event is large enough it could even cause the app to go out of memory, because the event is parsed fully.
It seems that payment processors also don't really have a maximum allowed size for the webhook event before they close the connection.