Blockchain infrastructure company Enso has published new research describing a previously undocumented category of malicious liquidity pools capable of manipulating transaction simulations while producing materially different outcomes during on-chain execution.
The company refers to these pools as "toxic pools," arguing that they expose a broader weakness in decentralized finance infrastructure rather than a vulnerability affecting a single protocol.
As wallets, DEX aggregators and routing engines increasingly depend on transaction simulations to determine the best execution path, the research suggests malicious pools can exploit that reliance by presenting attractive quotes during simulations before changing their behavior when transactions are actually processed on-chain.
Manipulating simulations instead of smart contracts
According to Enso, toxic pools differ from more familiar trading risks such as slippage or maximum extractable value (MEV). Instead of exploiting users after a trade has been submitted, they are designed to deceive the simulation process itself.
During a simulated transaction, the pools return prices that make them appear to offer the most competitive execution. Once the transaction is included in a block, however, the pools alter their behavior, causing traders to receive less favorable execution than originally quoted while still appearing to routing systems as the optimal path.
The company argues that this creates a new execution-quality challenge for wallets and aggregators, which may unknowingly continue directing users toward manipulated liquidity because the simulation results appear legitimate.
The research is based on approximately two months of forensic analysis combining archive-node RPC data, transaction tracing, smart contract inspection and independent validation. Enso said the investigation also benefited from discussions with contributors from Curve and Oku.
During the research, engineers identified two active toxic pools operating on different decentralized exchange protocols but using similar techniques, suggesting the attack model is not limited to a single ecosystem.
One documented case involved a manipulated Curve liquidity pool on Ethereum that processed more than 129,000 successful swaps while consistently delivering worse execution than its quoted prices.
According to Enso, the discrepancy resulted in approximately $225,000 of overstated quotes, more than 37,000 failed transactions and nearly $30,000 in gas costs spent on reverted trades.
A second example focused on a malicious Uniswap v4 hook deployed on Polygon. The researchers reported that the hook generated a transaction failure rate of roughly 99.1%, repeatedly attracting routing algorithms before causing transactions to revert.
Behavior changes over time
One aspect that surprised researchers was that the Ethereum-based pool did not behave maliciously all the time. Instead, it alternated between honest and manipulated execution, making periodic simulations or manual inspections insufficient to identify the pattern.
The investigation also uncovered several oracle contracts deployed by the same operator to support additional liquidity pools, suggesting that similar techniques could potentially be replicated across other markets.
"Our investigation leads us to believe this is not simply another isolated smart contract exploit," said Milos Costantini, co-founder and chief product officer at Enso. "The industry has spent years optimizing price discovery.
Our findings suggest the next challenge is verifying execution integrity. If transaction simulations can be manipulated while real execution tells a different story, we need better ways to verify what users actually receive."
Execution verification layer expanded
Alongside the publication of its findings, Enso announced new capabilities for Enso Shield, the company's execution-protection layer.
The updated system introduces dedicated toxic-pool detection and execution verification tools that go beyond standard transaction simulations.
Rather than relying solely on simulated quotes, Enso Shield continuously evaluates live on-chain conditions, monitors quote consistency over time and verifies completed execution using transaction traces to identify discrepancies that conventional simulation methods may overlook.
Enso believes the research raises broader questions about execution integrity across decentralized trading infrastructure, particularly for wallets, DEX aggregators and routing protocols that depend heavily on simulated transaction results.
Rather than attributing responsibility to any individual protocol, the company is encouraging further industry research and independent validation to determine how widespread similar attack patterns may be and whether additional safeguards are needed to improve execution transparency across decentralized finance.

Dan Burgin
U.Today Editorial Team