Yeah, if I were doing it I'd probably tend to be pretty cautious - if I see any popularly-used typeface that would confuse the characters I'd mark them as homographs.
It would absolutely have to be a pretty labor-intensive, manually-maintained database.
And thus extremely error prone. I think introducing IDNs at all was a mistake given the (security) cost-benefit tradeoff, and the best solution would be to scrap them but I realize that is unlikely to happen. Domain name script is probably the last place where cultural imperialism needs to be fought, it's just empty PC posturing and a way to extract some more easy money from gullible domain owners.
It would absolutely have to be a pretty labor-intensive, manually-maintained database.