ENS Spoofing Bot

ENS Spoofing Bot detects attacks in which someone registers a name visually similar to an existing one.

Combined with the Forta Protocol, which monitors blockchain events in real time, this bot allows attacks to be detected before they happen, or the damage from them to be minimized. What's more, every ENS user will be able to receive an alert if their name is targeted.

https://explorer.forta.network/bot/0x907254168eec2d601d2dc097e1dda89c80bbabb9d961c30bdf1eeeaa556dd99e

Table of spoofing techniques supported by the bot.

The problem

Names in the Ethereum Name Service are unique, but nothing prevents the registration of look-alike names that are visually very difficult to distinguish from genuine ones. For example, given the name vitalik.eth, an attacker can register a similar name by replacing the lowercase L with an uppercase i: vitaIik.eth. The name looks the same, but the protocol treats it as a completely different name, with its own hash and its own bound address.

This type of attack is called a homograph attack. Regarding the ENS protocol, it can be performed in the following ways:

ENS fights this attack pretty hard by normalizing names before they are registered, as well as warning against the use of non-ASCII characters on its site. However, to save gas, these checks are implemented off-chain, on the frontend side. Any user can bypass the official site and register a name by calling the protocol contract directly.

Spoofing Techniques

Below you will find examples of spoofing techniques that can be detected by this bot.

| Original name | Spoofing name | Technique |
| --- | --- | --- |
| bitcoin.eth | Bitcoin.eth | Uppercase |
| danger.eth | dаnger.eth | Cyrillic Homoglyph |
| glukk.eth | glükk.eth | Unicode Homoglyph |
| wildcat.eth | w1ldcat.eth | ASCII Homoglyph |
| vitalik.eth | vitalik​.eth | Zero Width Space |
| wildcat100 | vv1lḍCatl00 | Multiple Techniques |
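
The techniques in the table can be detected by reducing a newly registered name to a canonical form and comparing it with known names. The sketch below is an added example, not the bot's own code; the character maps, the function names and the assumption that known names are lowercase ASCII are all constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small maps; a production detector would need the
# full Unicode confusables data (assumption, not taken from the bot).
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
CYRILLIC = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456", "aeopcxyi")
ASCII_CLASSES = str.maketrans("1i0", "llo")  # 1/i/l and 0/o look alike

def strip_marks(s):
    """Decompose characters and drop combining marks (u-umlaut -> u)."""
    decomposed = unicodedata.normalize("NFKD", s)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def ascii_skeleton(s):
    """Collapse ASCII look-alikes; applied to both sides before comparing."""
    return s.replace("vv", "w").translate(ASCII_CLASSES)

# Each stage undoes one technique; a stage that changes the name was used.
STAGES = [
    ("Zero Width Space", lambda s: s.translate(ZERO_WIDTH)),
    ("Cyrillic Homoglyph", lambda s: s.translate(CYRILLIC)),
    ("Unicode Homoglyph", strip_marks),
    ("Uppercase", str.lower),
]

def detect(candidate, known_names):
    """Return (target, techniques) if candidate imitates a known name, else None.
    Assumes known_names are already lowercase ASCII."""
    if candidate in known_names:
        return None  # the genuine name itself
    techniques, cur = [], candidate
    for label, stage in STAGES:
        nxt = stage(cur)
        if nxt != cur:
            techniques.append(label)
        cur = nxt
    for target in known_names:
        if cur == target:
            return target, techniques
        # Still different after the stages above: compare look-alike classes.
        if ascii_skeleton(cur) == ascii_skeleton(target):
            return target, techniques + ["ASCII Homoglyph"]
    return None

# Constructed sample: the last row of the table combines three techniques.
KNOWN = ["bitcoin.eth", "vitalik.eth", "wildcat.eth", "wildcat100"]
print(detect("vv1l\u1e0dCatl00", KNOWN))
```

Collapsing 1, i and l into one class means two genuine names that differ only in those letters also share a skeleton, so a match is a signal for an alert rather than proof of spoofing.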

Supported Chains

Alerts

Test Data

No data yet