According to the Readme, the protocol supports ETH as a payment token:
ERC-20 (ETH, WETH): Payments within Swan are made with an ERC20 compatible token. Oracle fees are also paid with such.
However this is not the case. If we start with the transferRoyalties() function, which is called within the list() and relist() functions, the asset creator can't pay the fees with ETH.
It is the same case with the purchase() function:
All instances of the BuyerAgent.sol
contract can't receive ETH as there is no receive() function implemented. Additionally the withdraw() and the treasury() functions can't withdraw ETH and can't calculate the balance of EHT the contract could potentially hold respectively.
The register() and unregister() function in the LLMOracleRegistry.sol
contract also doen't support ETH in order to pay for registration, and later on withdraw the stake.
The LLMOracleCoordinator.sol
contract also doesn't support ETH. In the request() function, the buyer agent can't pay the fee with ETH only with ERC20 tokens. The respond() and the validate() functions both call the _increaseAllowance() function which only increases the allowance for a certain ERC20 token. The withdrawPlatformFees() function also doesn't allow for ETH to be withdrawn.
Tokens that the protocol team claims should be supported are not.
Manual review
Support ETH as a payment token, check if the token address is 0 for example, and then use the low level call to transfer the tokens, be careful not to introduce reentrancy vulnerabilities.
Contest details specifically state that: "Payments within Swan are made with an ERC20 compatible token", WETH's address is mentioned as well. Everything is done through ERC20 functionality.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.