Enso reveals a malicious liquidity pool attack, causing approximately $225,000 in inflated quotes in the Curve pool
DeFi infrastructure company Enso disclosed in a report a type of malicious liquidity pool called "toxic pools," which manipulates trading simulations to return false optimal quotes to wallets and DEX aggregators, and alters logic during actual on-chain execution. Enso stated that the relevant malicious contracts can identify read-only simulation environments and return optimized prices, but once the trades are broadcasted on-chain, they execute at worse prices or result in transaction failures.
A manipulated Curve pool processed over 129,000 exchanges, resulting in approximately $225,000 in inflated quotes, with over 37,000 transactions rolling back and consuming nearly $30,000 in gas fees. On Polygon, a malicious Uniswap v4 hook attracted routing systems with false exchange rates, subsequently triggering a 99.1% transaction failure rate. Enso stated that it has updated its execution protection product Enso Shield to detect false quotes in Ethereum and Polygon environments.






