Enso Exposes 'Toxic Pools' Faking DeFi Quotes on Ethereum and Polygon

ETH-1.64%
CRV-1.55%
UNI-2.60%

DeFi infrastructure firm Enso published a report on July 16 exposing a class of malicious liquidity pools that systematically fake price quotes to cryptocurrency traders. The pools, which Enso calls 'toxic pools,' return attractive quotes during transaction simulations but alter behavior during actual execution, causing traders to receive worse prices or failed transactions. One manipulated Curve pool triggered more than 37,000 reverted trades, forcing users to burn nearly $30,000 in gas fees. The exploit targets the simulation-based routing systems that wallets and decentralized exchange aggregators use to find optimal trading paths. Enso's investigation spanned two months of on-chain forensic analysis across Ethereum and Polygon blockchains, identifying active toxic pools and prompting the company to update its Enso Shield security product with dedicated detection capabilities.

Toxic Pools Exploit Simulation-Execution Discrepancy

The malicious pools exploit the off-chain 'dry-run' simulations that wallets use to preview trades, according to Enso's report. The contracts detect when they are running in a read-only simulation environment and return an artificially optimized price. Once the transaction is broadcast on-chain, the pool alters its mathematical logic to execute the trade at a degraded rate.

Milos Costantini, co-founder and chief product officer at Enso, stated: "Our investigation leads us to believe this is not simply another isolated smart contract exploit. The industry has spent years optimizing price discovery. Our findings suggest the next challenge is verifying execution integrity."

To remain hidden from security systems, these pools alternate between honest and malicious states, rendering static code scanners and historical reputation filters ineffective. On Polygon, a malicious 'hook'—a smart contract plugin used in platforms like Uniswap v4—lured routing systems with fake rates before triggering a 99.1% transaction failure rate.

Enso Documents $225,000 in Overstated Quotes on Ethereum

Enso's research, which combined historical archive-node data, transaction trace analysis and smart contract inspections, identified active toxic pools operating across Ethereum and Polygon. The team worked with contacts at Curve Finance and Oku during the investigation.

In one documented case study on Ethereum, a manipulated Curve pool processed more than 129,000 swaps. While the pool appeared to be the optimal route, it delivered worse execution than quoted, leading to approximately $225,000 in overstated quotes.

Enso's team identified multiple blockchain oracle contracts deployed by the same operator to support additional pools. The findings present challenges to wallets, consumer-facing interfaces and aggregators that depend on automated simulations to guarantee optimal trade paths.

Enso Updates Shield Product With Detection Capabilities

Enso announced it updated its execution-protection product, Enso Shield, to include dedicated toxic-pool detection. The security tool is designed to bypass standard simulation methods by analyzing live on-chain context, monitoring quote history and using transaction traces to spot execution discrepancies.

Costantini stated: "If transaction simulations can be manipulated while real execution tells a different story, we need better ways to verify what users actually receive."

Enso called on the wider cryptocurrency industry to conduct further research into the manipulation of transaction simulations. The company's report highlights potential legal and financial liability risks for wallet providers and interface operators who promise 'best execution' but routinely deliver toxic routes.

FAQ

What are toxic pools in DeFi? Toxic pools are malicious liquidity pools that return attractive price quotes during transaction simulations but alter their behavior during actual execution, causing traders to receive worse prices or failed transactions.

How much did users lose to the Curve pool exploit? One manipulated Curve pool triggered more than 37,000 reverted trades, forcing users to burn nearly $30,000 in gas fees. Another Curve pool delivered approximately $225,000 in overstated quotes across more than 129,000 swaps.

What did Enso do in response to toxic pools? Enso updated its Enso Shield product on July 16 to include dedicated toxic-pool detection capabilities that analyze live on-chain context and transaction traces to spot execution discrepancies.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments