# cetus dex exploit demonstrated that unchecked arithmetic in post-0.8 solidity recreates overflow vulnerabilities In May 2025, the Cetus DEX lost $223M due to a missed overflow check in code that used `unchecked` blocks for gas optimization. The developers correctly identified the arithmetic operations as candidates for optimization but incorrectly assessed the input bounds — the actual input space was larger than their safety analysis assumed. This is the largest known exploit directly attributable to [[unchecked arithmetic blocks reintroduce overflow vulnerabilities in post-0.8 solidity|unchecked arithmetic in post-0.8 Solidity]] and demonstrates that [[gas optimization via unchecked blocks creates tension with arithmetic safety guarantees|developer judgment about arithmetic safety]] is an unreliable substitute for compiler-enforced protection. --- Relevant Notes: - [[unchecked arithmetic blocks reintroduce overflow vulnerabilities in post-0.8 solidity]] — the vulnerability pattern - [[gas optimization via unchecked blocks creates tension with arithmetic safety guarantees]] — the structural tension behind the developer's choice - [[solidity 0.8.0 introduced default arithmetic overflow protection making unchecked blocks the new attack surface]] — the protection that was opted out of Topics: - [[exploit-analyses]]