CoreJam and Force Transfer

Hey All,

Does anyone know if CoreJam will deprecate force transfer? While it probably made sense to include this functionality initially, in my opinion this functionality will become a significant issue at some point in time (in ways I don’t think most yet can appreciate). And when it gets abused (and it will), the trust loss in the system will likely be enormous. Would be interested in what others thoughts are.

I have read this matter of “force transfer is spooky and bad” quite a few times in governance context, so I will make this post be an excuse to explain why I think it is not a big deal:

There are two layers of governance:

  1. Onchain governance, what can be decided by token holders.
  2. Miner governance, the software that validators and miners decide to run and dictates the protocol.

First, let’s acknowledge that the latter trumps everything. The latter is the social consensus and is the backbone of everything we do here. I have used this example many times to dispel “Oh bitcoin is great because it has fixed issuance”. No. The moment bitcoin miners decide to run a software that alters this assumption, it no longer has fixed isuance. And if the majority of miners agree on that, that is what Bitcoin now is. So at a meta level, everything can be forced. Be it a “transfer”, or minting tokens.

Second, so long as the onchain holders have access to dispatching system::set_code, they can already set the intention to do anything. I want to emphasize anything. So the fact that something like balances::force_transfer exists is a mere shorthand for what is already possible.

The origin needed to dispatch both is Root, and truth is if someone with bad intent can pass a governance proposal with Root they can already do many bad things to the system.

We could agree that something like balances::force_transfer is so “frowned upon” that we should not even expose this shorthand for it (to which I personally disgaree). But this is a mere discouragement of the usage, and won’t prevent anyone from actually running a force transfer if they can obtain Root.

In other words, the fact that Polkadot exposes balances::force_transfer does’t inherently make it any different from any other blockchain, or a clone of Polkadot that didn’t have balances::force_transfer. It is a shorthand for an operation that might be useful, and was already available because of system::set_code.