# unchecked arithmetic blocks reintroduce overflow vulnerabilities in post-0.8 solidity

Since [[solidity 0.8.0 introduced default arithmetic overflow protection making unchecked blocks the new attack surface]], all arithmetic operations revert on overflow by default. However, the `unchecked { }` escape hatch restores pre-0.8 wrapping behavior and is widely used to save gas on operations developers believe are safe.

Beyond explicit `unchecked` blocks, two additional overflow paths exist in post-0.8 Solidity: typecasting truncation (casting `uint256` to `uint8` silently discards upper bits) and shift operators (which lack overflow checks even outside unchecked blocks).

The [[cetus dex exploit demonstrated that unchecked arithmetic in post-0.8 solidity recreates overflow vulnerabilities|Cetus DEX exploit]] ($223M, May 2025) proved that developer judgment about arithmetic safety is unreliable — the overflow check was omitted for gas optimization but the input space was larger than expected.

This creates a fundamental tension: since [[gas optimization via unchecked blocks creates tension with arithmetic safety guarantees]], every `unchecked` block is a bet that the developer's bounds analysis is correct.

---

Relevant Notes:
- [[solidity 0.8.0 introduced default arithmetic overflow protection making unchecked blocks the new attack surface]] — the default protection these blocks opt out of
- [[cetus dex exploit demonstrated that unchecked arithmetic in post-0.8 solidity recreates overflow vulnerabilities]] — the canonical exploit
- [[gas optimization via unchecked blocks creates tension with arithmetic safety guarantees]] — the structural tension
- [[yul division by zero returns zero rather than reverting unlike solidity checked arithmetic]] — unchecked blocks preserve division-by-zero protection; Yul removes even that, representing a further erosion of arithmetic safety

Topics:
- [[vulnerability-patterns]]
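
The three overflow paths named in this note (explicit `unchecked` blocks, narrowing casts, and shifts), each shown beside a guarded form. This is an added example, not code from any audited project or from the exploit referenced above; the contract name, function names, and revert strings are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; contract and function names are hypothetical.
contract OverflowPaths {
    // Path 1: explicit unchecked block. type(uint256).max + 1 wraps to 0.
    function addUnchecked(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked { return a + b; }
    }

    // Default 0.8 behaviour: the same inputs revert with Panic(0x11).
    function addChecked(uint256 a, uint256 b) external pure returns (uint256) {
        return a + b;
    }

    // Path 2: explicit narrowing cast. 256 becomes 0, 257 becomes 1, no revert.
    function castTruncating(uint256 x) external pure returns (uint8) {
        return uint8(x);
    }

    // Guarded cast: reject values that do not fit the target type.
    function castGuarded(uint256 x) external pure returns (uint8) {
        require(x <= type(uint8).max, "value exceeds uint8");
        return uint8(x);
    }

    // Path 3: shift in checked context. High bits are dropped silently;
    // (1 << 255) << 1 returns 0 rather than reverting.
    function shlTruncating(uint256 x, uint256 n) external pure returns (uint256) {
        return x << n;
    }

    // Guarded shift: shifting back must reproduce the input, otherwise bits
    // were lost. Also covers n >= 256, where x << n is 0.
    function shlGuarded(uint256 x, uint256 n) external pure returns (uint256) {
        uint256 r = x << n;
        require(r >> n == x, "shift overflow");
        return r;
    }
}
```

When reviewing a codebase, the `unchecked` keyword is easy to grep for, but paths 2 and 3 have no keyword: every explicit cast to a narrower integer type and every `<<` on attacker-influenced operands needs its own bounds argument.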