Potential vulnerability in zk-Rollup systems

I have been working on my own zkRollup implementation for a while now (Ziesha Network). According to my research, most of the zkRollup implementations out there are using a giant Sparse-Merkle-Tree for storing accounts, in which each account contains another Sparse-Merkle-Tree storing the assets of that user. AFAIU, these numbers are limited. I have gotten these numbers in some of the rollup projects.

zkSync → Account capacity: 2^24, Token-capacity: 2^8 (Based on their protocol documentation)
zkBNB → Account capacity: 2^32, Token-capacity: 2^16

Now imagine (E.g In case of zkSync), I create 2^8 transactions, sending tokens to all empty slots of the victim account. This will block the victim account (People will not be able to send non-existing tokens to that account anymore), unless the account owner remove these tokens from his account.

Has this been studied? Are there solutions? Or am I missing something here? Thanks! :slight_smile: