Layer-2 for beginners

https://gourmetcrypto.substack.com/p/layer-2-for-beginners

Ali Atiia, Mar 202

Misinformation campaigns in the crypto space increase dramatically during bull cycles. Many sidechain projects misleadingly present themselves as layer-2 scaling solutions. This article explains what makes a chain an L2, for absolute beginners.

Typically the layer-1 chain (L1) has higher security and liquidity, and the layer-2 (L2) is a new chain wanting to leech security and liquidity from L1. Let's walk through a simple example to understand what that means, for absolute beginners, especially those who are just joining us here in crypto land (hi there 👋 welcome .. WATCH OUT!!!! oh uh, you just got rugged buddy, ops. What? It means you kinda lost your money …woo calm down!... you gonna call who?? What the hell is "The BBB" ??) So you have 100 Dai on the Ethereum blockchain, it says so on your Metamask. But how does Metamask know? It's communicating with the Ethereum p2p network via an ethereum-node-as-a-service provider called Infura. But what does it really mean to have 100 Dai? It means that the Dai contract, which is a piece of software comprised of code and data that live on the Ethereum blockchain, has your address that you see in your Metamask, and next to it the number 100.

Back to the new shiny chain that may or may not be an L2, let's call this chain Macau. You want to "move" your 100 Dai from Ethereum to Macau because you want to buy something over there, or trade at cheaper gas prices, or maybe you just want to do something to feel something.

So how do you move your 100 Dai from Ethereum to Macau? Obviously you send an email to Vitalik's Masternode HQ and ask him to move it…. No, you actually transfer ownership of your 100 Dai to another contract on the Ethereum blockchain, which is typically referred to as the "deposit" contract (think of it like the deposit window at a casino).

Step 1/4: you send 100 Dai to Macau's deposit contract on the Ethereum blockchain.

Macau’s miners/validators detect your deposit because they constantly watch the Ethereum blockchain, particularly that deposit contract, and one of them says to the others: "hey guys! guys! we have a new victim, quick! look busy, ahem". She then says to you: "welcome chad, glad you could join us, here’s a 100 synthetic Dai for you to play with on our chain, freshly minted in this new Macau block that I just mined/validated".

Step 2/4: you are issued a 100 IOU notes on Macau (think casino chips) representing a claim on the real 100 Dai that is locked up on the deposit contract on Ethereum. We call these notes synthetic Dai, or sDai for short.

You being "on Macau" practically means you are on some website, which has some Javascript that is communicating with the Macau p2p network. Exactly like you are "on Ethereum" when you are e.g. on Aave’s website to borrow or on Uniswap’s website to trade: the Javascript on these frontends package a borrow/swap transaction for you, feed it to your Metamask, you sob for 5 minutes after seeing the gas fee, then proceed to click "Confirm" to sign and broadcast your transaction. You're familiar with this workflow.

It's the same thing with Macau. In fact, it may even be the same exact workflow if Macau is a fork of Ethereum, like Binance's BSC or Avalanche's C-Chain because you can use Metamask with both, without the need for a specialized wallet to sign packaged transactions. This is because the address format and the cryptographic signature scheme is the same in Ethereum/BSC etc.

Step 3/4: do stuff with the 100 sDai on Macau, e.g. trade, farm, gamble, invest etc.

Say you played poker and turned your 100 sDai to 200 sDai. The +100 sDai you gained came from other people who also came to Macau to gamble (and so they too had previously locked real Dai on Macau's deposit contract on Ethereum).

We came to the critical moment (FOCUS 👏):

You want to collect your gains and go back home, i.e. Ethereum, because you are a chad who values high security and deep liquidity, or maybe you are a masochist who has a thing for $1k+ gas fees. If you can unlock your 200 Dai, and ONLY that, from Macau's deposit contract (again, it's on the Ethereum blockchain) financially independently anytime anywhere 'round the wurrrrld and no one can stop you .. then Macau is an L2 🎉🍾 🔒.

If Macau's validators can in theory prevent you from unlocking and withdrawing your 200 Dai or steal it outright (by withdrawing it to themselves), then Macau is NOT an L2, but rather is a sidechain ☠️.

If YOU can in theory unlock and withdraw more than you are entitled to, say 300 Dai, then Macau is also NOT an L2.

Step 4/4: exit Macau and unlock whatever funds you are entitled to on the deposit contract on Ethereum….if you can!

When it comes to scaling solutions, it always boils down to: “who controls the exits?”


So how could the deposit contract on Ethereum be made smart enough to prevent you, other Macau users, and Macau's miners/validators/operators from cheating?

As you can imagine this is not a trivial thing to do, because it requires that the contract is smart enough to know who on Macau owes what to whom and when: while it's true you had won 100 sDai in a poker game on Macau an hour ago, and as such you’re entitled to withdrawing an additional 100 real Dai on Ethereum, you may have had since then lost it in a subsequent game! Therefore, the contract must be able to determine the truth, the whole truth, and nothing but the truth about the latest state of Macau.

Early approaches like state channels and plasma tried to do exactly this: coding up fraud signalling and dispute resolution logic into the deposit/withdraw contract on L1. However, they both put burdensome responsibilities on the users, such as:

  • A user must be “live” at all times watching the L1 contracts on Ethereum in order to challenge/inhibit/punish malicious withdrawal attempts that threaten her assets.

  • A user must store the data necessary for raising disputes. In the case of channels1 this data is typically signatures from counter-parties attesting to state changes in the channel (e.g. “Alice: I certify paying 10 Dai to Bob”, or “Charlie: I certify moving rook to position H5 in this chessboard at configuration X”).

  • Specific to plasma: users are vulnerable to (a) massive increase in data that needs to be stored, because data of interest to a user exists as part of a global plasma chain state, not just a counter-party as in channels2, and (b) data withholding attacks by the plasma operator (block producer) who may attempt a malicious withdrawal while at the same time withholding the data that users need to raise a challenge. This adds further complications to the withdrawal safety logic on L1.

It wasn't until rollups emerged that these pesky problems were truly solved, by requiring that all the data a user needs to exit be available on L1. This data is updated by the rollup operator every time L2 advances its state. So, L2 execution and L1 data update advance in lock step. You can learn more about rollups by reading these articles: beginner , intermediate , advanced (zk-rollup), and advanced (optimistic rollup).

In rollups, all parties involved are kept honest by the power of math (ZKRU) or cryptoeconomic (ORU) guarantees, and users can always use the data on L1 to safely exit their funds should the rollup operator disappears or starts messing around: spamming, censoring, or (in the case of optimistic rollup) committing fraud. This is all enshrined in the rollup contract on L1 Ethereum, and so the only thing users need to trust is faithful execution of these contracts by the L1 network (same trust assumptions around any other L1 contract, like MakerDao MCD or Aave etc).

Done and done 🤝.

Note 1: Other layer-1 chains like NEAR, Polkadot, or CosmosHub could indeed be rollups relative to Ethereum, they just need to make a bridge that adheres to the rollup design pattern, and post the necessary data to Ethereum, just like any other rollup would.

Note 2: In the case of ZK Rollup, fraud couldn’t even be committed thanks to validity proofs attesting to the the correctness of the rollup state update, which get validated on L1 at every update. However, data must still be posted on-chain so that if the rollup operator disappears, users can use that data to submit a withdrawal request themselves directly to the deposit contract.

Note 3: Can Bitcoin have a layer-2? No. It lacks the programming primitives and the state plumbing necessary to create sophisticated L1 contracts to manage disputes and/or verify validity proofs 3. Of course you will hear claims (~02:35) that you can use so and so Bitcoin sidechain “without giving up control of your coins”, but that’s simply false advertising4.

“What about muh Lightening Network?” Lightening is L2 only in theory. In practice, normal users will mostly certainly trust a third party to keep watch (see discussion above on state channels), which means Lightening is not an L2 in practice. Most people certainly do not have the time and/or skill to spin up a lambda function on AWS (with fail-safe backup) to keep watching their money on L1.

Rollups are the only layer-2 scaling solution with the assurance that (a) you can’t get robbed while you’re asleep, and (b) no one can prevent you exiting what you are entitled to, because the physical funds and exit mechanisms are under the control of L1 Ethereum chain.


Back to sidechains:

If rollups are so magical, why would anyone choose to build a sidechain which (a) require additional trust assumptions and (b) have been rejected by the market over the past 7 years anyway 5 ?

Sidechains refuse to die because they are easy to spin up. Usually people spin them up to create a pitch deck overnight, raise money from VCs, and dump a token on retail6.

You could literally spin up an Ethereum sidechain in an afternoon: you just need a basic smart-wallet-like contract on Ethereum where people deposit their funds, a fork of Geth (just pick a new chain ID for your sidechain and rebuild)....and voila, you are basically done ... um, well, not quite .. you still need to hire shill armies, graphic designers to create a glitzy website, etc...but plenty of VCs are happy to take care of all that for you, they have massive bot farms ready for deployment.

Some charlatans will try to sell you a sidechain as an L2, some may even be shameless enough to claim that their sidechain is more secure than rollups, sometimes using rebranding trickery to create a distraction.

But it boils down to a simple question: who controls the exits?

With rollups, exits are under the control and protection of mighty EVM of L1 Ethereum.


Take away messages:

  • Currently any claim of >2k tps of a chain selling itself as a scalability solution probably means it’s a sidechain and the user is making otherwise undisclosed trust assumptions.

  • Rollups may provide 10k+ tps after Eth2 data shards go live, they’re data-hungry.

  • Rollups are the only layer-2 scalability solutions without additional trust and/or liveness assumption on the user.

  • Sidechains refuse to die because they can be spun in 1 hour, typically in order to raise money and dump a token on retail.

  • When aping into another chain, examine the exits and the trust assumptions you must make to (a) remain safe while on it (b) exit your funds safely. There are typically mountains of marketing fluff and nonsensical jargon designed to obscure these security tradeoffs.

  • Other L1 chains can be rollups relative to Ethereum, they just need to adhere to the rollup design pattern and post the necessary data onto Ethereum.

  • Layer-2 without liveness assumption can’t be built on Bitcoin because it lacks the necessary programming primitives and state plumbing to enshrine the necessary protections on L1.

Thanks for reading and have a nice day! 👋

Last updated