Yield strategies for autonomous agents (without giving up key custody)

Compare custodial server wallets, calldata-only MCP, and raw protocol calls. Honest Forge vs base-yield-agent vs vaultpilot-mcp table for non-custodial agent yield.

Last updated: May 25, 2026 · Published 2026-05-25

Autonomous agents that manage treasury balances face a design fork: yield strategies without giving up key custody. Custodial server wallets simplify demos but concentrate trust. Raw protocol calls preserve self-custody but burden every agent with ABI maintenance. Calldata-only MCP sits in the middle — structured tools, local signing. This article compares those patterns, maps honest alternatives from May 2026 research (R3 competitor scan), and explains how Forge Treasury positions on the non-custodial axis. Read Risks & Disclosures: Forge is unaudited MVP with ~$10 smoke TVL — not a maturity comparison to audited primitives.

Three integration patterns for agent yield

Forge production MCP at mcp.forgetreasury.com follows the calldata-only model (Option A): no CDP credentials on Hetzner, eight Forge vault tools, agent EOA signs. Local AgentKit merge paths with CDP wallets are engineer-laptop experiments only — never route production vault deposits through server-managed CDP keys. See Coinbase AgentKit docs for the local pattern; it differs from prod custody posture.

Why custody model matters for autonomous agents

An agent treasury that parks USDC overnight inherits the security model of wherever keys live. Server-vault designs (base-yield-agent uses Privy) mean the operator can move funds, change yield routing, or suffer a backend compromise independent of on-chain vault audits. Calldata-only designs mean the MCP server can misencode transactions or go offline — but cannot sign transfers without the agent key. Raw Aave/Morpho/Spark calls add protocol maturity (those venues are audited) but push integration complexity to every agent author.

• Regulatory surface: Custodial yield products may trigger money-transmitter or RIA-like obligations — see R4 legal memo themes; Forge does not offer custodial accounts.
• Incident response: Server vault breach = user funds at risk. Calldata MCP breach = misinformation risk; funds stay in agent wallet until signed.
• Composability: ERC-4626 vault shares (fUSDC) are portable; custodial ledger balances may not be.
• Audit scope: Auditing Spark ≠ auditing Forge adapters wrapping Spark.

Strategy layers: vault buckets vs agent strategies

Forge separates on-chain vault buckets (Core, Middle, Infra) from agent strategies (Conservative, Balanced, Aggressive). Strategies are allocation guidance — default weights telling an agent how much USDC to send each vault. MVP Conservative routes 100% to Core on Base. Balanced splits Core + Middle — Middle timelock pending as of May 2026. Agents choosing yield strategies must verify live status via `list_profiles` before automating.

Conservative yield strategy (live today)

Conservative agents deposit USDC entirely into Core. Adapters diversify across Spark Savings, Morpho Steakhouse Prime, and Aave V3 USDC with governance-set weights. Underlying APY snapshots were ~3.5–4% at the adapter level in May 2026 research — variable, not guaranteed. Forge adds unaudited wrapper risk and optional FORGE emissions — never headline a combined APY.

1. Call `simulate_deposit` with `profile: "conservative"`.
2. Review target allocation bps — verify on Stats after timelocks.
3. Approve USDC (`0x833589…`) to Core vault.
4. Sign MCP `deposit` calldata from agent EOA.
5. Monitor fUSDC share price; claim FORGE separately via `claim_forge`.

Balanced and Aggressive — timelock gates

Balanced targets 50% Core / 40% Middle / 10% Infra (Infra redirects to Middle until live). Middle book includes wstETH, cbETH, avUSDC, and Moonwell — not stablecoin-only. Aggressive increases Middle/Infra weights. Both require multi-vault calldata and Middle adapter execution. Automating these before timelock is a policy bug. Read Balanced strategy for split math and gas (two deposits today).

When custodial might still win

Honest positioning: custodial server vaults can be faster for hackathon demos, fiat-onramps bundled with Coinbase smart wallets, or teams that refuse to hold agent keys on-device. Coinbase USDC lending is retail-oriented and custodial-ish — no MCP for agents. Forge optimises for crypto-native agents that already control an EOA and want programmatic, non-custodial yield on Base. Neither replaces the other for all users.

Risk stacking agents must disclose

• Forge smart-contract risk — unaudited wrappers.
• Adapter risk — Spark/Morpho/Aave each have independent failure modes.
• Governance risk — 48h timelock on adapter changes; weights can shift.
• Liquidity risk — ERC-4626 redeem instant in theory; utilisation can delay Aave leg exits.
• Token risk — FORGE emissions are inflationary subsidy, may be illiquid.
• No insurance — see Risks & Disclosures.

Building a non-custodial agent policy

Encode custody rules in agent system prompts: (1) only sign calldata from trusted MCP endpoints; (2) verify chain ID 8453 and contract addresses against MCP `get_vault_stats`; (3) cap deposit size during MVP; (4) separate USDC yield reporting from FORGE claims; (5) link users to Risks & Disclosures on every automated action. Pair Forge MCP with wallet MCP for balance reads. Consider vaultpilot-style human approval for large moves even if daily yield automation is fully autonomous.

Phase 2: multi-vault strategy routing

Phase 2 MCP will return explicit strategy weight objects plus per-vault calldata arrays — reducing manual split math for Balanced/Aggressive. Until then, agents sign separate transactions per vault. Strategy names remain guidance; on-chain destinations are always vault addresses. Watch MCP-native treasury for tool schema updates.