# integer overflow dropped from second to eighth risk after solidity 0.8 default protections

Since [[solidity 0.8.0 introduced default arithmetic overflow protection making unchecked blocks the new attack surface]], compiler-enforced overflow checks removed the most common manifestation of integer vulnerabilities. The drop from #2 to #8 in the OWASP ranking quantifies this impact.

However, the risk is not eliminated: older contracts compiled pre-0.8.0 remain vulnerable, custom math libraries may contain unchecked operations, and [[unchecked arithmetic blocks reintroduce overflow vulnerabilities in post-0.8 solidity|explicit unchecked blocks reintroduce the attack surface]]. The [[cetus dex exploit demonstrated that unchecked arithmetic in post-0.8 solidity recreates overflow vulnerabilities|Cetus DEX exploit]] ($223M, 2025) proves that the residual risk from unchecked blocks is still significant.

---

Relevant Notes:
- [[solidity 0.8.0 introduced default arithmetic overflow protection making unchecked blocks the new attack surface]] — the change that caused this drop
- [[unchecked arithmetic blocks reintroduce overflow vulnerabilities in post-0.8 solidity]] — the residual risk
- [[owasp smart contract top 10 2025 ranks access control as the highest risk category]] — the full ranking context

Topics:
- [[vulnerability-patterns]]
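
The difference between default checked arithmetic and an `unchecked` block described in the note above, as an added example that is not part of the original note. The contract name, function names and starting balance are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; all names and values here are hypothetical.
contract UncheckedDemo {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 100; // constructed sample balance
    }

    /// Default 0.8 behaviour: the subtraction reverts with Panic(0x11)
    /// when amount exceeds the balance, even without an explicit check.
    function withdrawChecked(uint256 amount) external {
        balanceOf[msg.sender] -= amount;
    }

    /// Same arithmetic inside `unchecked`: the compiler check is disabled,
    /// so the result wraps modulo 2**256 instead of reverting. A caller
    /// with balance 0 ends up with a balance of 2**256 - amount.
    function withdrawUnchecked(uint256 amount) external {
        unchecked {
            balanceOf[msg.sender] -= amount;
        }
    }

    /// Hardened form: `unchecked` is used only after the bound that makes
    /// wrapping impossible has been enforced explicitly.
    function withdrawGuarded(uint256 amount) external {
        uint256 bal = balanceOf[msg.sender];
        require(amount <= bal, "insufficient balance");
        unchecked {
            balanceOf[msg.sender] = bal - amount; // cannot wrap: amount <= bal
        }
    }
}
```

When reviewing post-0.8 code, each `unchecked` block needs a visible invariant like the `require` in `withdrawGuarded` that bounds its operands before the arithmetic runs.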