We are building a site that is selling one-off items, so need to ensure that the same item is not purchased twice. We are using the adaptive payments API to split the payment among those involved, and handling the IPN sent to us.
What can happen, though, is that two people may click "Buy Now" at the same time (or even a minute or so apart). If the 1st person does not complete their payment before the 2nd clicks to buy, then that 2nd person can also make a payment.
There seems to be a gap between us sending the buyer to paypal and them completing the payment where we have no control over what is happening. If we take the item off sale as soon as the 1st person clicks on buy, then we risk a DoS attack where a bot clicks all the buy buttons and does not complete a transaction. If we don't take the item off sale immediately, we could easily end up with multiple buyers paying for the same item (of which there can only be one).
Is there a solution to this?