L-01: Zero-value transfers may revert outside an assertion

**Source:** OpenZeppelin Midnight - Compact Contracts Audit

## Description

The `_update` function in the `MultiToken` contract [reduces the source account's balance](https://github.com/OpenZeppelin/compact-contracts/blob/d8ee045f30153f49b11b82a2f891066ee402a25f/contracts/src/token/MultiToken.compact#L320) without checking if the token `id` record has been initialized. In practice, this will only occur when the `value` is set to zero. This means a zero-value [transfer](https://github.com/OpenZeppelin/compact-contracts/blob/d8ee045f30153f49b11b82a2f891066ee402a25f/contracts/src/token/MultiToken.compact#L415), [mint](https://github.com/OpenZeppelin/compact-contracts/blob/d8ee045f30153f49b11b82a2f891066ee402a25f/contracts/src/token/MultiToken.compact#L502) or [burn](https://github.com/OpenZeppelin/compact-contracts/blob/d8ee045f30153f49b11b82a2f891066ee402a25f/contracts/src/token/MultiToken.compact#L528) of an uninitialized token will revert due to an invalid lookup, rather than with an explicit error message.

## Recommendation

Consider skipping the balance update when the `value` is zero.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

L-01: Zero-value transfers may revert outside an assertion #425

Description

Recommendation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

L-01: Zero-value transfers may revert outside an assertion #425

Description

Description

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions