ERC-4337: Account Abstraction via Entry Point Contract specification

@dror mentioned that

paymaster must have balance to pay these values, but eventually pay only for the actual used gas

I believe that the above statement may not be completely true as the paymaster also needs to bear the cost of excess gas penalty implemented in the EntryPoint. With that, Vincent Lu, Elwin Chua and I have figured out a potential attack on Token Paymasters by exploiting the gas penalty in the EntryPoint logic. A malicious bundler can submit a user operation with a high callGasLimit that includes a paymaster. The bundler can earn from the penalty that the paymaster will have to bear.

If you want to know more in detail, you can refer to the Notion document below. Hope to hear your thoughts.

lydian-fahrenheit-cc8.notion.site/Potential-Attack-on-Paymaster-69bcac8279764586a4bd941c37541395

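The exposure described in the post above, as an added example that is not part of the original post or of the EntryPoint code: an off-chain check a paymaster signing service could run before agreeing to sponsor an operation, quantifying the penalty it would bear and rejecting operations whose declared limits far exceed simulated usage. The 10% rate on unused execution gas (callGasLimit plus paymasterPostOpGasLimit) follows EntryPoint v0.7 and is treated as an assumption; all function, field and policy names are hypothetical.

```javascript
// Added example: admission check for a paymaster signing service (names are hypothetical).
// Assumption: EntryPoint charges PENALTY_PERCENT of unused execution gas, 10 as in v0.7.
const PENALTY_PERCENT = 10n;

// Gas units charged as penalty when execution uses less than the declared limits.
function unusedGasPenalty(op, estimatedGasUsed) {
  const limit = op.callGasLimit + op.paymasterPostOpGasLimit;
  if (limit <= estimatedGasUsed) return 0n;
  return ((limit - estimatedGasUsed) * PENALTY_PERCENT) / 100n;
}

// Decide whether to sponsor `op`. `estimatedGasUsed` comes from the paymaster's own
// simulation of the call and postOp, never from the limits declared in the operation.
function reviewUserOp(op, estimatedGasUsed, policy) {
  const limit = op.callGasLimit + op.paymasterPostOpGasLimit;
  const allowedLimit = (estimatedGasUsed * policy.maxLimitPercentOfEstimate) / 100n;
  const penaltyGas = unusedGasPenalty(op, estimatedGasUsed);
  const penaltyWei = penaltyGas * op.maxFeePerGas; // worst case: charged at maxFeePerGas
  const reasons = [];
  if (limit > allowedLimit) reasons.push("execution gas limit far above simulated usage");
  if (penaltyWei > policy.maxPenaltyWei) reasons.push("penalty exposure above budget");
  return { sponsor: reasons.length === 0, penaltyGas, penaltyWei, reasons };
}

// Constructed sample data, not taken from any real operation.
const GWEI = 1_000_000_000n;
const policy = { maxLimitPercentOfEstimate: 150n, maxPenaltyWei: 100_000n * GWEI };
const simulatedGas = 130_000n;
const typicalOp = { callGasLimit: 120_000n, paymasterPostOpGasLimit: 40_000n, maxFeePerGas: 20n * GWEI };
const inflatedOp = { ...typicalOp, callGasLimit: 10_000_000n };

for (const [name, op] of [["typical", typicalOp], ["inflated", inflatedOp]]) {
  const r = reviewUserOp(op, simulatedGas, policy);
  console.log(name, r.sponsor ? "sponsor" : "reject", `${r.penaltyWei} wei at risk`, r.reasons);
}
```

With the constructed values, the inflated operation exposes the paymaster to a penalty on roughly 9.9 million unused gas units, while the typical one stays within the policy budget.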