gas optimization via unchecked blocks creates tension with arithmetic safety guarantees

# gas optimization via unchecked blocks creates tension with arithmetic safety guarantees Solidity 0.8+ overflow protection costs additional gas per arithmetic operation, roughly 100-200 gas for the comparison and conditional revert. Developers under gas pressure use `unchecked { }` blocks to recover this cost, but each unchecked block reintroduces the exact vulnerability class the compiler was designed to prevent. Since [[unchecked arithmetic blocks reintroduce overflow vulnerabilities in post-0.8 solidity]], every unchecked block is an implicit claim that the developer's bounds analysis is correct. No general resolution exists; the tension is structural and each unchecked usage requires individual risk assessment. The same tension applies to [[inline assembly bypasses solidity safety checks including type enforcement and overflow protection|inline assembly]], which provides even greater gas savings but with even fewer safety guarantees. The tension has a DoS dimension beyond the gas/safety tradeoff: since [[solidity 0.8 default checked arithmetic converts overflow from a value manipulation vulnerability into a denial-of-service vulnerability]], keeping checked arithmetic eliminates value manipulation but introduces DoS via Panic(0x11) reverts when attacker-controlled inputs reach arithmetic operations. Using `unchecked` eliminates the DoS risk but restores silent overflow. This makes the tradeoff three-sided: checked arithmetic (DoS risk), unchecked arithmetic (value manipulation risk), or explicit `require`-based bounds validation (development cost). Division by zero (Panic 0x12) complicates this further because it [[division by zero in solidity always reverts even inside unchecked blocks making attacker-controlled denominators a hard DoS vector|reverts even inside unchecked blocks]], making it a hard DoS vector with no compiler-level opt-out. --- Relevant Notes: - [[unchecked arithmetic blocks reintroduce overflow vulnerabilities in post-0.8 solidity]]: the vulnerability this tension produces - [[solidity 0.8.0 introduced default arithmetic overflow protection making unchecked blocks the new attack surface]]: the protection that creates the gas cost - [[inline assembly bypasses solidity safety checks including type enforcement and overflow protection]]: assembly presents the same gas-vs-safety tension with even fewer guardrails - [[yul division by zero returns zero rather than reverting unlike solidity checked arithmetic]]: Yul extends this tension further: unchecked preserves div-by-zero protection, but Yul removes it entirely Topics: - [[vulnerability-patterns]] - [[solidity-behaviors]]