Yagi is currently a non-custodial protocol, however, keepers do require permissionless access to the task interface on a contract. Therefore, it is up to the task author to only use Yagi for non-exploitable actions such as rebalancing, harvesting, filling limit orders, etc.
Do not create external functions on your smart contract that could be exploited by malicious external actors
Last modified 9mo ago