Enso Identifies Toxic Pools Manipulating DeFi Trade Execution

ENSO0.06%
ETH-1.90%
CRV-2.63%
UNI1.95%

Enso released research identifying malicious liquidity pools called 'toxic pools.' These pools display accurate trading estimates during simulations but produce different results after on-chain execution. Toxic pools exploit the gap between simulated and actual blockchain execution, altering behavior after transactions are confirmed to deliver poorer outcomes for users while appearing as viable routing options. The study suggests the issue may represent a broader challenge for decentralized finance (DeFi) infrastructure as more applications rely on simulated transactions to determine optimal trading routes.

Enso Identifies Toxic Pool Manipulation Across Ethereum and Polygon

The research was conducted over approximately two months and involved on-chain forensic analysis using archive-node RPC data, transaction tracing, smart contract reviews, and independent validation with support from industry contacts at Curve and Oku. Enso identified two active toxic pools operating across separate protocols, indicating that the technique could potentially be reproduced across different DeFi environments.

The report distinguishes toxic pools from traditional MEV strategies or normal slippage events, noting that these mechanisms specifically target transaction simulation systems. By providing attractive simulated prices while changing execution conditions after transactions are submitted, malicious pools can influence routing decisions made by wallets and aggregation platforms.

The investigation examined two cases involving Ethereum and Polygon. In one instance, a modified Curve pool processed more than 129,000 successful swaps while providing execution outcomes below quoted expectations. The activity resulted in approximately $225,000 in overstated quotes, more than 37,000 failed transactions, and nearly $30,000 in gas costs associated with unsuccessful swaps. In another case, a malicious Uniswap v4 hook caused a 99.1% transaction failure rate after repeatedly attracting routing systems.

Enso noted that the threat differs from traditional smart contract exploits because it targets confidence in the transaction quoting process rather than a specific protocol vulnerability. If routing systems cannot identify manipulated pricing information, users may continue receiving trade recommendations based on execution paths that cannot deliver the expected results.

The research also found that one Ethereum-based toxic pool did not operate maliciously at all times. Instead, it switched between normal and manipulated behavior, making single simulations and manual assessments less effective. Researchers additionally identified several oracle contracts linked to the same operator, suggesting the approach could potentially be applied to additional pools.

"Our investigation leads us to believe this is not simply another isolated smart contract exploit," said Milos Costantini, Co-Founder and CPO at Enso in a written statement. "The industry has spent years optimizing price discovery. Our findings suggest the next challenge is verifying execution integrity. If transaction simulations can be manipulated while real execution tells a different story, we need better ways to verify what users actually receive," he added.

Enso Expands Shield System Following Toxic Pool Research

Following the publication of the research, Enso expanded its Enso Shield execution-protection system with additional toxic-pool detection and verification features. The system is designed to analyze real-time blockchain conditions, monitor quote consistency over time, and use transaction traces to identify discrepancies that may not appear in standard simulations.

Enso said the findings highlight wider concerns regarding execution reliability across wallets, aggregators, decentralized exchange aggregators, and other DeFi infrastructure providers that depend on simulated transaction data. The company called for further industry research and independent analysis to better understand and address potential risks associated with manipulated execution environments.

FAQ

What did Enso identify in its research?

Enso released research identifying a new category of malicious liquidity pools called 'toxic pools' that display accurate trading estimates during transaction simulations while producing significantly different results after on-chain execution.

How much financial impact did the Ethereum toxic pool case cause?

In one Ethereum case, a modified Curve pool processed more than 129,000 successful swaps and resulted in approximately $225,000 in overstated quotes, more than 37,000 failed transactions, and nearly $30,000 in gas costs associated with unsuccessful swaps.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments