Enso Research Uncovers Undocumented Malicious Liquidity Pools in DeFi
Enso Research has published an original research report exposing 'toxic pools', a previously undocumented form of malicious liquidity pool. On July 16, 2026, Enso discovered that these pools present accurate prices during transaction simulation but deliver different outcomes when actually executed on-chain.
The impact of toxic pools extends beyond isolated exploits and affects the quoting infrastructure. If crypto apps cannot distinguish between genuine and malicious quotes, they could repeatedly use fraudulent execution paths, resulting in substantial losses.
Enso's research identified two real-world examples of toxic pools on the Ethereum and Polygon networks. A Curve pool processed over 129,000 transactions successfully but delivered worse-than-quoted execution, leading to $225,000 in quote overstatement, over 37,000 reverted transactions, and almost $30,000 wasted in gas for failed swaps.
The report comes after approximately two months of on-chain forensic analysis that combined RPC data, transaction trace analysis, smart contract inspection, and independent validation supported by contacts from Curve and Oku. The Ethereum pool alternated between malicious and non-malicious states, rendering manual reviews and on-time simulations ineffective.
Discussing the findings, Enso's Co-Founder and CPO, Milos Costantini, said: 'Our investigation leads us to believe this is not simply another isolated smart contract exploit. The industry has spent years optimizing price discovery. Our findings suggest the next challenge is verifying execution integrity.'




