Warn users whenever an ENS name contains a homoglyph vulnerability

[omnat]

This issue was on extension repo, and it applies to mobile too. Copying here

Details here: MetaMask/metamask-extension#9129

Problem

An ENS name is a UTF-8 compatible string of text. That means there are many characters that have the same appearance, or homo-glyph.

This can cause some concerns when using an ENS name:

• Pasting an ENS name that looks correct could actually be wrong. as tweeted recently
• Reverse-resolved ENS names could appear familiar but actually be deliberately crafted to be deceptive.

MyCrypto has a tool called ens-validation that can do the hard part of this already, we just need to design & display the appropriate warnings.

Acceptance criteria:

• Entering a homoglyph-impersonation name on the send screen to field should show a warning. Can verify with vita‍lik.eth, which is not the same as vitalik.eth.
• A confirmation screen showing an ENS name should also show a warning under any homoglyph-containing name. We could also simply not resolve a homoglyph-containing name.

Possible copy for the warning:

This name has some deceptive letters in it that resemble other letters. It is probably trying to impersonate another well-known name. Did you get this name from someone you trust?

[omnat]

Action points

• Review this PR and suggest alternative copy and what's a good UI component & timing to use for the error message

[omnat]

Any updates on this one @rachelcope @cjeria ?

[rachelcope]

@cjeria let's sync on this today during our 1:1

[rachelcope]

Here's the alternative copy that @cjeria and I worked on...

GIVEN: A user is entering an ENS name in the send flow
WHEN: The send recipient has an ENS name that contains a homoglyph
THEN: An alert should appear warning users of the risk:

"We have detected an unusual character/s (homoglyph) in the ENS name entered. Check the ENS name/address with your recipient to avoid potential scam."

AND: The homoglyph character should be red text

@cjeria would be the best person to determine what UI alert message component should be used for mobile

[rachelcope]

What happens in the use case that an ENS name is created in another language (e.g., Greek, Hebrew, etc) that uses homoglyph characters?

[cjeria]

Reusing the generic warning message component here. And the link to the design. https://www.figma.com/file/Ny0UospSv8UHgluAMnbbTE/Homoglyph-Warning?node-id=1%3A70

[cjeria]

Came across this homoglyph attack generator while looking at this issue with @rachelcope the other day. It lets you easily generate name with names with homoglyph characters like Ꮩitalik.eth http://www.irongeek.com/homoglyph-attack-generator.php

[omnat]

Made some comments on the Figma file @cjeria @rachelcope
https://www.figma.com/file/Ny0UospSv8UHgluAMnbbTE/Homoglyph-Warning?node-id=0%3A1

[cjeria]

Here's an updated mock for this warning. I've added a line to the copy suggest by Omna.

One question up for debate is whether we should block the user from continuing if a glyph is detected. I'm leaning toward blocking as this could be dangerous. However, I'm not sure if non-scammers are using homoglyphs in their ENS names?

feedback welcomed @omnat @rachelcope @jakehaugen