Skip to main content

Unchecked Math

What it detects

This detector flags usage of the unchecked keyword in Solidity 0.8+ where arithmetic operations are executed without the built-in overflow and underflow checks. While unchecked is sometimes used intentionally for gas optimization, it can silently reintroduce critical vulnerabilities, especially if inputs are not strictly validated.

It also highlights cases where arithmetic is done inside low-level assembly blocks, which similarly bypass Solidity’s safety mechanisms.

Unchecked math can occur in:

  • Arithmetic involving user-controlled values
  • Token or balance calculations
  • Counters, loops, and interest formulas
  • Subtraction, multiplication, or addition where safety assumptions may not hold

This detector helps identify those segments so developers and auditors can assess whether the unchecked block is justified and safe.

Typical symptoms

  • unchecked { ... } block wrapping arithmetic operations
  • Lack of input validation before unchecked math
  • Developer comments referencing “gas savings” or “safe by construction”
  • No fallbacks or bounds checks surrounding the logic
  • Assembly code manually performing arithmetic

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract SkipChecks {
    function mul(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            // No overflow check performed
            return a * b;
        }
    }
}

Potential Issue

If a and b are both user inputs, and their multiplication exceeds 2**256 - 1, the result silently wraps to zero or a small value. This could:

  • Inflate balances
  • Break accounting
  • Allow unauthorized claims or payouts

Safe Alternative

function mul(uint256 a, uint256 b) external pure returns (uint256) {
    // Checked math — will revert on overflow
    return a * b;
}

Or if using unchecked:

function safeMul(uint256 a, uint256 b) external pure returns (uint256) {
    require(a == 0 || (a * b) / a == b, "Overflow");
    unchecked {
        return a * b;
    }
}

Why it matters on EVM

Solidity 0.8+ introduced built-in overflow and underflow protection as a major safety feature. Disabling those checks reintroduces risks from earlier Solidity versions, where most critical vulnerabilities stemmed from wrapping arithmetic.

Unchecked math can:

  • Inflate or corrupt balances
  • Cause irreversible financial miscalculations
  • Create logic inconsistencies exploitable by attackers
  • Lead to “silent failures” where wrong values are used with no error signals

While unchecked blocks can save gas in some edge cases (like internal counters or bounded loops), their use must be deliberate and protected by rigorous validation. This detector ensures any such logic is surfaced and reviewed.