Recently, I've been looking at the APY of yield aggregators again. The numbers look quite appealing, but honestly what you're getting isn't "yield," but a series of contract calls plus a bunch of counterparty assumptions: the money is first taken by its vault/strategy contract, then cycled through other protocols / swapped / borrowed, and if any link slips, it could turn into a failed transaction or someone front-runs and takes a cut. What's more annoying is that many people only focus on the front-end APY, without paying attention to who holds the permissions, whether it can be upgraded, or who the underlying assets are actually pledged to... For someone like me who watches nonces and transaction packing order, seeing a bunch of approve + delegatecall makes me instinctively frown. Recently, hardware wallets have been out of stock, phishing links are rampant, and everyone's suddenly hyper-aware of security, but when they click on "high APY" pages, they start signing quickly... Anyway, there are plenty of tutorials, but I only pay attention to those that clearly explain the fund flow and permissions, and also include transaction hashes for you to review on your own.