Shopify: Bypass GraphQL rate limit by abusing negative cost queries

Hi security team, While looking into the graphql app I noticed an interesting implementation where each app has a bucket of query cost they are allowed to used in a given time with a certain refresh rate associated with it. The details can be found at...