Enso is an innovative crypto company that makes it far easier to build and deploy projects on-chain. Users have access to ‘Actions’, a library of modular interactions with Decentralized Finance (DeFi) protocols. For example, lending/borrowing on Aave or swapping on Uniswap, so developers no longer have to manually integrate blockchain protocols into their applications.
On July 16, 2026, Enso published an original research report exposing “toxic pools”, a previously undocumented form of malicious liquidity pool. They present accurate prices during transaction simulation, but deliver different outcomes when actually executed on-chain.
If you’re not a blockchain developer, it can be difficult to gauge the risk of toxic pools in everyday activities. Enso’s findings suggest that the danger extends past isolated exploits.
It’s becoming increasingly common for wallets, aggregators, and DeFi apps to leverage transaction simulation to determine the optimal (lowest-cost, most efficient) execution paths for blockchain transactions.
Toxic pools can manipulate trade simulations, tricking applications into thinking they’re the best execution venue, while masquerading as genuine pools. Users receive a price quote, confirm the transaction, and then receive less than the quoted price, while the pool still appears to be the optimal execution path to the routing system.
While regular exploits tend to target a specific smart contract or platform, toxic pools directly affect the quoting infrastructure. If crypto apps cannot distinguish between genuine and malicious quotes, they could repeatedly use these fraudulent execution paths, resulting in substantial losses.
The report comes after approximately two months of on-chain forensic analysis that combined RPC data, transaction trace analysis, smart contract inspection, and independent validation supported by contacts from Curve and Oku.
The research identified two real-world examples of toxic pools on the Ethereum and Polygon networks:
The toxic pool scheme could be more advanced than initially expected. Researchers found the Ethereum pool alternated between malicious and non-malicious states, rendering manual reviews and on-time simulations ineffective.
Discussing the findings, Enso’s Co-Founder and CPO, Milos Costantini, said:
“Our investigation leads us to believe this is not simply another isolated smart contract exploit. The industry has spent years optimizing price discovery. Our findings suggest the next challenge is verifying execution integrity. If transaction simulations can be manipulated while real execution tells a different story, we need better ways to verify what users actually receive.”
As transaction-simulation-focused systems rise in prominence, the risk of toxic pools grows exponentially. Because it had not been documented until now, there was a significant risk that the exploit could become widespread. Billions of dollars flow through DeFi apps daily, meaning the losses could have been extreme.
While Enso’s findings raise developers’ awareness of toxic pool issues, the company has expressed concerns about the industry’s reliance on trade simulations. Due to the wide-reaching ramifications, Enso is promoting industry-wide research and independent validation rather than attributing responsibility to individual protocols.
The importance of Enso’s research is clear. Making it publicly available helps the concept become more widely understood, potentially driving further conversions and advancing a solution for the entire crypto industry. The full report by Milos Costantini and Lead Engineer Brendons Karelis is available at: https://hackmd.io/@milonite7/rJne_iQQfe