The Simulation Mirage: How Malicious Pools Are Exploiting DeFi Routing's Trust in Pre-Execution Quotes

Leotoshi Price Analysis

The data suggests something is deeply wrong with the Polygon Uniswap v4 pools. A specific hook-deployed pool shows a 99.1% transaction failure rate over 129,000 attempts. That is not a bug. That is a pattern.

Most traders and wallet UIs would see a failed transaction, shrug, and retry. But if you trace the gas cost anomaly back to the EVM, you realise that every single revert consumed gas — roughly $30,000 in total fees burned on a single pool. The operator did not lose money. They gained $34,600 in captured arbitrage from the 0.9% of successful trades that went through at manipulated prices.

This is not a frontrun. This is not a sandwich. This is a new class of DeFi attack: the simulation spoof. The attacker deploys a liquidity pool that, during a wallet’s or aggregator’s pre-execution simulation, returns a perfectly valid quote. But when the actual transaction is sent, the pool’s custom logic (via Uniswap v4 hooks or Curve’s internal swap modifiers) either reverts the trade or executes at a drastically worse price.


Context: The Optimisation That Became a Vulnerability

DeFi routing is built on a trust assumption: simulation equals execution. When you trade on 1inch, ParaSwap, or even MetaMask’s built-in swap, the UI queries multiple liquidity pools, simulates each potential trade path using a static call, and picks the one that yields the highest output. This is efficient. It saves gas. It gives users the best price without needing multiple on-chain transactions.

But the assumption is that every pool behaves identically during simulation and execution. That assumption is false.

In June 2024, security firm Enso (formerly known for MEV analysis) published a detailed report on a series of anomalous pools on Ethereum’s Curve and Polygon’s Uniswap v4. The same operator deployed multiple contracts across both chains. On Curve, the pool consistently returned inflated quotes during eth_call simulations, luring aggregators. When a real swap was submitted, the pool executed the trade at a much worse price, profiting the operator via internal arbitrage. On Uniswap v4, the hook logic checked if the call was from a known simulation context (like eth_call with no gas limit) versus a real transaction (with constrained gas and sender address). If simulated, it returned a favourable rate. If executed, it reverted 99.1% of the time — ensuring the operator only processed trades where the fake quote had already been exploited by another bot.

The total profit was modest: $34,600 across both chains. But the technique is terrifying because it is reproducible, scalable, and nearly invisible to standard security audits.


Core: Dissecting the Attack at the Opcode Level

Let me trace this from the compiler upward.

Standard liquidity pools implement a simple swap function that computes output based on the constant product formula. The external caller sends tokens in, the pool sends tokens out. During simulation, the EVM executes a STATICCALL to the pool’s swap function, which returns the output amount. The aggregator then compares this output across pools.

The malicious pool modifies this flow using Uniswap v4’s beforeSwap and afterSwap hooks. The hook can access msg.sender, gasleft(), and tx.origin. The attacker checks whether the call is coming from an aggregator contract (known address) and whether the gas limit is unusually high (simulations often set gas limit to block.gaslimit or infinity, while real transactions have specific gas limits). If both conditions match, the hook returns a fake output — say 100 DAI for 1 USDC instead of the real 99.5. The aggregator sees this, records the best quote, and submits the real transaction. The hook then executes the real logic, which either reverts (if the operator wants only to waste gas) or executes at the true rate (if the operator wants to capture the difference).

On Curve, the attack is subtler. Curve’s pool allows customisable fee structures and internal price oracles. The attacker configured the pool to return a simulated price that was 0.5% better than any honest pool. During execution, the pool’s internal oracle adjusted the actual price to the worse side, effectively giving the operator a risk-free arbitrage against the user’s expected output.

In my 2017 audit of Uniswap v1, I learned a critical lesson: any divergence between simulation and execution is a security hole. The EVM’s STATICCALL opcode explicitly forbids state changes but does not enforce that the returned data is honest. A malicious contract can return any data it wants during a static call. The aggregator has no cryptographic guarantee that the same contract will behave identically when called in a non-static context.

This is not an EVM bug. It is a design gap in the DeFi routing stack. The industry optimised for speed and gas efficiency and forgot to verify execution integrity.


Contrarian: Why This Matters More Than the $34k Suggests

The common reaction is: “It’s only $34,000. The attacker’s pool is now blacklisted. Move on.” That is naive.

First, the same operator deployed other contracts across Ethereum and Polygon that have not been fully analysed. Enso confirmed that “the same operator has deployed additional contracts beyond the two highlighted cases.” The scope is wider than one article.

Second, the attack vector is cheap. Deploying a Uniswap v4 pool costs under $50 in gas. Writing a hook requires basic Solidity knowledge. The total gas burned by failed transactions was $30,000 — but that was paid by users, not the attacker. The attacker only gains when a trade goes through at an exploited rate. If the attacker can attract even moderate volume from a popular aggregator, the profit scales linearly with TVL. A single malicious pool front-running the top 10 aggregators could extract millions.

Third, this breaks the implicit social contract of DeFi. Users trust that the price they see is the price they will get. Aggregators trust that pool operators are honest. Once this trust is broken, the entire routing model needs rethinking. We might see a return to on-chain order books or verified execution proofs for every trade.

From my experience building a fraud proof simulation for Optimistic Rollups in 2020, I learned that any system relying on a third-party oracle for state reads is vulnerable to lie-to-auditors patterns. The same pattern applies here: the pool lies during the simulation to pass the aggregator’s filter, then executes truthfully (or maliciously) on-chain.

There is also a deeper systemic risk. If this attack becomes widespread, aggregators will be forced to either whitelist pools (centralising liquidity) or perform on-chain secondary checks (increasing gas costs). Both outcomes reduce DeFi’s permissionless advantage.

Finally, the timing matters. We are in a bull market euphoria where every new pool is celebrated. Hooks are marketed as the next evolution of DEX design. Uniswap v4’s launch was one of the biggest events of the year. Finding that hooks enable this kind of manipulation should raise questions about whether Uniswap Labs plans to introduce a hook registry or mandatory audit requirements. So far, silence.


Takeaway: The Simulation Era Needs a Verification Layer

Enso has launched Enso Shield, a real-time monitoring tool that detects simulation anomalies by comparing expected vs actual outputs for large trades. It is a start, but it is reactive. The industry needs a proactive standard: every aggregator should require a signed commitment from the pool’s deployer that the STATICCALL response matches the real execution. This could be done via a registry or a new opcode like SIMCALL that forces state consistency.

Until then, the $34,000 is a warning shot. The next one might not be so small.


Signatures:

Tracing the gas cost anomaly back to the EVM, I found that the failure rate itself was the signal. A 99.1% failure rate is not a coincidence — it is a filtration mechanism.

Based on my audit experience with Uniswap v1, I knew that static call honesty is not enforced. This attack was inevitable.

The real difference between OP Stack and ZK Stack is that ZK Stack could theoretically prevent this by enforcing state consistency proofs — but that is still years away for DeFi routing.