This repository was archived by the owner on Jun 29, 2023. It is now read-only.

Description
Encoding a StateLeaf struct with all zeros produces a different output than abi.encode(0). We've noticed that abi.encode(0) is used to represent a vacant state leaf.
An example where this difference may be exploited is a TRANSFER transaction where the receiver is an empty state leaf.
The disputer would have to provide a witness for the receiver state leaf in:
    keccak256(proof.state.encode()),
But that's impossible to do since the witness leaf value is passed as a struct and it would be impossible to pass a struct which would have the same leaf hash as abi.encode(0).
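
The mismatch described above, as an added example that is not code from the repository: the StateLeaf field names, the encode() body and the leafHash() mitigation are assumptions made for illustration. Under the assumed encoding an all-zero struct yields a 128-byte preimage, while abi.encode(0) is a single 32-byte word, so the two hashes cannot be equal.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; field names and the encode() body are assumptions.
library LeafEncoding {
    struct StateLeaf {
        uint256 pubkeyID;
        uint256 tokenID;
        uint256 balance;
        uint256 nonce;
    }

    // Assumed encoding: four 32-byte words, 128 bytes even when every field is zero.
    function encode(StateLeaf memory leaf) internal pure returns (bytes memory) {
        return abi.encode(leaf.pubkeyID, leaf.tokenID, leaf.balance, leaf.nonce);
    }

    // Hash of a vacant slot: keccak256 over one 32-byte zero word.
    function vacantLeafHash() internal pure returns (bytes32) {
        return keccak256(abi.encode(uint256(0)));
    }

    // Hashing as quoted in the issue: the struct encoding is hashed directly.
    function naiveLeafHash(StateLeaf memory leaf) internal pure returns (bytes32) {
        return keccak256(encode(leaf));
    }

    // One possible mitigation (hypothetical): map the all-zero struct to the vacant hash.
    function leafHash(StateLeaf memory leaf) internal pure returns (bytes32) {
        if (leaf.pubkeyID == 0 && leaf.tokenID == 0 && leaf.balance == 0 && leaf.nonce == 0) {
            return vacantLeafHash();
        }
        return keccak256(encode(leaf));
    }
}

contract LeafEncodingDemo {
    // Compares both hashing variants of an empty witness against the vacant-leaf hash.
    function check() external pure returns (bool naiveMatches, bool fixedMatches) {
        LeafEncoding.StateLeaf memory empty; // every field defaults to zero
        naiveMatches = LeafEncoding.naiveLeafHash(empty) == LeafEncoding.vacantLeafHash();
        fixedMatches = LeafEncoding.leafHash(empty) == LeafEncoding.vacantLeafHash();
    }
}
```

The leafHash() mapping is only sound if an all-zero struct can never describe an occupied leaf; that property is assumed here and would need to be checked against the real state layout.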