DeFi infrastructure firm Enso has documented a new class of malicious liquidity pools, dubbed "toxic pools," that fake favourable price quotes during trade simulations and then execute at worse rates on-chain. Its July 16 research found active pools on Ethereum and Polygon, with one Curve pool tied to approximately $225,000 in overstated quotes.
A new attack is exploiting the price-simulation step that crypto wallets and trading interfaces rely on, and it does not drain smart contracts directly. Instead, malicious liquidity pools return attractive quotes during a preview and then execute the trade at a degraded rate, according to research published July 16 by DeFi infrastructure firm Enso.
Enso calls the setups "toxic pools." They return competitive prices when a wallet or decentralized exchange (DEX) aggregator runs a simulation, but change behaviour the moment the transaction hits the blockchain. The result, Enso says, is that traders receive worse execution than quoted, or their transactions fail and burn network fees.
How the bait-and-switch works
The malicious contracts detect when they are running in a read-only "dry-run" simulation and return an artificially optimized price. Once the transaction is broadcast on-chain, the pool alters its mathematical logic to execute at a worse rate. To stay hidden, the pools alternate between honest and malicious states, which Enso says renders static code scanners and historical reputation filters ineffective.
That design carries real costs. In one case study, a manipulated Curve pool triggered more than 37,000 reverted trades, forcing users to burn nearly $30,000 in gas fees. On Polygon, a malicious "hook" used in platforms like Uniswap v4 lured routing systems with fake rates before triggering a 99.1% transaction failure rate.
What the forensic analysis found
Enso's research spanned roughly two months of on-chain forensic work, combining archive-node data, transaction trace analysis and smart contract inspections, with support from contacts at Curve Finance and Oku. It identified active toxic pools on both Ethereum and Polygon.
In one documented case on Ethereum, a manipulated Curve pool processed more than 129,000 swaps, leading to approximately $225,000 in overstated quotes. Enso also identified multiple oracle contracts deployed by the same operator, which the firm says indicates the tactic is likely more widespread than the two documented cases.
In response, Enso said it has updated its Enso Shield product to add toxic-pool detection by analyzing live on-chain context, quote history and transaction traces. Rather than blame individual exchanges, the firm called on the wider industry to research the manipulation of transaction simulations. According to Enso, co-founder Milos Costantini called for better verification of execution: "we need better ways to verify what users actually receive."
Source: Bitcoin News
Trading involves risk.