"Layer 2 is secured by Ethereum" has become a misnomer.
Original author: Ishita
Compiled by: White55, Mars Finance
The development of Ethereum over the past decade has revolved around a simple promise: to scale the network without sacrificing decentralization. According to its roadmap, the answer is a future centered around Rollups. In this architecture, Layer 2 networks (L2 or "Rollups") execute transactions off-chain, achieving lower costs and higher throughput while still deriving core security guarantees from Ethereum as the base layer (Layer 1).
Almost all major Rollup projects, including Arbitrum, Optimism, Base, zkSync, and Scroll, brand themselves with the core message of "secured by Ethereum." The slogan is powerful and sits at the heart of their marketing narrative, but does it really hold true? A closer look at how these Rollups operate in practice, and at how assets flow within them, shows that the claim is far from clear.
This article analyzes the gap between slogan and reality, moving from bridging (where user funds are located), to the sequencer (the role responsible for transaction ordering), and then to governance (the rule-maker), discussing each in turn.
The Reality of Rollup Bridge
Rollups claim to be "secured by Ethereum," but this statement obscures the way users actually interact with these systems.
To use a Rollup, whether for DeFi, payments, or applications, you first need to transfer assets to it. However, Ethereum has no built-in functionality for direct transfers in or out: you cannot simply "send" ETH to the Rollup. This requires a bridge. The bridge is the entry and exit point between Ethereum and the Rollup, and it determines the security that users actually experience.
The working principle of bridging
Deposit
When you deposit ETH into a Rollup, you are actually sending it to a bridge contract on Ethereum. This contract locks your ETH and instructs the Rollup to create the same amount of ETH in your L2 wallet. For example, if you deposit 1 ETH, the bridge contract holds this 1 ETH on Ethereum, while your Rollup account also shows 1 ETH. Since the ETH is locked on Ethereum, the deposit is trust-minimized.
Withdrawal
Withdrawal is much more complicated. Exiting is the reverse of depositing:
You burn (or lock) tokens on the Rollup.
You send a message to the Ethereum bridge contract: "I have burned the tokens on L2, please release my locked ETH."
The problem is: Ethereum cannot see what happens inside the Rollup; it is blind to the computations on L2.
Therefore, Ethereum will only release your funds when the bridge provides proof that the withdrawal is legitimate. This proof may include:
Fraud Proofs (Optimistic Scheme): The default assumption is that transactions are legitimate unless challenged within the dispute window.
Validity Proofs (Zero-Knowledge Schemes): By cryptographically proving that all transactions comply with the rules in advance, Ethereum can instantly trust the results.
Multisigs or Committees: Rely on trusted parties for authentication.
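The deposit and optimistic withdrawal flow described above, as an added example that is not part of the original article. It is a toy model: the class names, the 7-day window, and the `challenge` method standing in for a fraud proof are all assumptions made for illustration.

```python
CHALLENGE_WINDOW = 7 * 24 * 3600  # seconds; assumed dispute window
class Rollup:
    def __init__(self):
        self.balances, self.burns = {}, set()  # burns: (user, amount, nonce)

    def burn(self, user, amount, nonce):
        if self.balances.get(user, 0) < amount:
            raise ValueError("insufficient L2 balance")
        self.balances[user] -= amount
        self.burns.add((user, amount, nonce))
        return (user, amount, nonce)

class L1Bridge:
    def __init__(self, rollup):
        self.rollup, self.locked = rollup, 0
        self.pending = {}  # withdrawal claim -> time it was proposed on L1

    def deposit(self, user, amount):
        self.locked += amount  # ETH stays locked on L1
        self.rollup.balances[user] = self.rollup.balances.get(user, 0) + amount

    def propose_withdrawal(self, claim, now):
        # L1 is blind to L2 execution, so the claim is recorded unverified.
        self.pending[claim] = now

    def challenge(self, claim):
        # Stand-in for a fraud proof: a watcher shows no matching burn exists.
        fraudulent = claim in self.pending and claim not in self.rollup.burns
        if fraudulent:
            del self.pending[claim]
        return fraudulent

    def finalize(self, claim, now):
        # Release locked ETH only after the window passes unchallenged.
        proposed = self.pending.get(claim)
        if proposed is None or now - proposed < CHALLENGE_WINDOW:
            return 0
        del self.pending[claim]
        self.locked -= claim[1]
        return claim[1]

def unbacked_claim_payout(watcher_online):
    bridge = L1Bridge(Rollup())
    bridge.deposit("alice", 10)
    claim = ("mallory", 10, 0)  # constructed: no L2 burn backs this claim
    bridge.propose_withdrawal(claim, now=0)
    if watcher_online:
        bridge.challenge(claim)
    return bridge.finalize(claim, now=CHALLENGE_WINDOW), bridge.locked
```

The model makes the optimistic assumption concrete: the bridge releases nothing for an unbacked claim only when someone with L2 data challenges it inside the window.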
Bridging is how users access a Rollup. It can be compared to the window of a house. Even if the window (the bridge) is broken, the house (the Rollup) still stands. But if the window shatters, you can no longer enter and exit safely. Similarly, a bridge failure cuts off user access even if the core mechanism of the Rollup is still functioning.
Therefore, the bridging layer is the right lens for judging the security of Rollups. Whether assets are truly "secured by Ethereum" depends on the bridge you use and its trust model, rather than on the Rollup itself.
Bridging model and its assumptions
Official Bridges (Canonical Bridges) are each Rollup's own bridge, tied directly to Ethereum. When users lock assets here, Ethereum validators ensure that even if the L2 ceases to operate, users can ultimately withdraw back to Layer 1. This is the only bridging method that directly inherits the security properties of Ethereum.
External Bridges such as Wormhole, LayerZero, and Axelar optimize user experience through fast chain-to-chain transfers but rely on their own validator committees or multi-signature mechanisms. These bridges are not enforced by Ethereum's consensus. If these off-chain operators are hacked or collude maliciously, users may still lose funds even if Ethereum itself is functioning well.
Native Issuance refers to tokens minted directly on Rollup, such as USDC on Base or OP on Optimism. These assets have never been bridged through official means and cannot be redeemed on Layer 1. Their security comes from the governance and infrastructure of the Rollup, rather than Ethereum.
Actual distribution of Rollup assets
As of August 29, 2025, Ethereum Rollups held approximately $43.96 billion in assets, distributed as follows:
External bridging: $16.95 billion (39%) - largest share
Official Bridge: $14.81 billion (34%) - Ethereum-backed assets
Native Issuance: $12.2 billion (27%) - Rollup Native Assets
Historical Trend Analysis
Looking back at 2019-2022, official bridging was the main driving force behind Rollup adoption. Almost all of the early growth came through official bridging, keeping Ethereum at the core.
However, starting from the end of 2023, the situation began to change:
Official bridging continues to grow, but market share begins to decline, peaking in 2024.
Native issuance is gradually expanding, especially between 2024 and 2025.
External bridging saw a sharp increase starting in late 2023, surpassing official bridging by early 2025, marking Ethereum's loss of the majority share of Rollup assets.
Currently, two-thirds of Rollup assets (external + native) have detached from Ethereum's direct security guarantees.
The segmentation of the Rollup ecosystem
Market concentration is extremely high: the top six Rollups account for 93.3% of the total value locked (TVL). The asset distribution of each ecosystem is as follows:
Official Bridging: 32.0%
Native issuance: 28.8%
External bridging: 39.2%
Overall patterns in the pie charts
External bridging dominates: Users pursue quick exits and liquidity and prefer third-party bridges, as on Arbitrum and Unichain.
Official bridging dominates: For example, on Linea (and, to a lesser extent, OP Mainnet), more L1-sourced collateral is bridged through official channels.
Native issuance dominates: For example, zkSync Era and Base mint assets directly on L2 (such as native USDC on Base), and funds flow in through direct on-ramps.
Key point: Most assets on large Rollups sit outside the direct security guarantees of Ethereum. The actual security users obtain depends on the trust mechanism behind each bridging model, rather than on the Rollup itself.
Beyond bridging: What other risks exist?
The bridging model determines the ownership of assets, but even if all assets are bridged through official channels, users still face other trust and security weaknesses. The following three areas are particularly important: transaction ordering mechanisms, governance structures, and the impact of composability on user experience.
1 Sequencer: Centralized Control Point
The sequencer determines how transactions are ordered and batched. Currently, the vast majority of Rollups use centralized sequencers, which is both efficient and profitable, but also brings the following risks:
Transaction censorship: The sequencer can refuse to include certain transactions.
Blocked withdrawals: The sequencer determines when to send exit transaction batches to Ethereum, so withdrawals can be blocked indefinitely.
Complete outage: A sequencer crash pauses Rollup activity until it comes back online. (For example, Arbitrum has experienced 78 minutes of downtime.)
Ethereum provides a "Force Inclusion" mechanism, allowing users to submit transactions directly to Layer 1 to bypass the sequencer. However, this mechanism does not ensure fairness, as the sequencer still controls the ordering within blocks, which is enough to undermine the user experience. For example:
Suppose you try to withdraw funds from Aave on L2.
You submit a forced-inclusion withdrawal request via Ethereum, which means that the sequencer cannot ignore your transaction.
However, the sequencer can insert its own transactions before yours, for example borrowing more funds from the same liquidity pool.
When your withdrawal transaction is executed, the liquidity pool no longer has sufficient liquidity, resulting in a withdrawal failure.
Although your transaction was "included", the result was compromised.
In addition, there are practical issues with forced inclusion: the waiting time can be as long as several hours (sometimes over 12 hours), and the throughput is limited, meaning that even after submission, transactions may still be reordered. Therefore, this mechanism resembles a slow safety valve rather than a guarantee of fair execution.
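The Aave-style scenario above, as an added example that is not part of the original article. `Pool` is a constructed stand-in for an L2 lending pool, and the amounts and transaction tuples are assumptions; the point is that the same forced withdrawal is included in both runs but only succeeds in one.

```python
class Pool:
    # Constructed stand-in for an L2 lending pool (not Aave's actual logic).
    def __init__(self, liquidity, deposits):
        self.liquidity = liquidity      # funds available to pay out right now
        self.deposits = dict(deposits)  # user -> amount supplied

    def borrow(self, user, amount):
        if amount > self.liquidity:
            return False
        self.liquidity -= amount
        return True

    def withdraw(self, user, amount):
        if amount > self.deposits.get(user, 0) or amount > self.liquidity:
            return False
        self.deposits[user] -= amount
        self.liquidity -= amount
        return True

def build_block(forced_tx, sequencer_txs, position):
    # Forced inclusion obliges the sequencer to include forced_tx,
    # but the sequencer still chooses the position it lands at.
    block = list(sequencer_txs)
    block.insert(position, forced_tx)
    return block

def execute(pool, block):
    # Returns (tx, succeeded) per transaction, in block order.
    handlers = {"borrow": pool.borrow, "withdraw": pool.withdraw}
    return [(tx, handlers[tx[0]](tx[1], tx[2])) for tx in block]

def forced_withdrawal_outcome(position):
    pool = Pool(liquidity=100, deposits={"user": 80})
    forced = ("withdraw", "user", 80)
    other = [("borrow", "sequencer", 50)]
    results = dict(execute(pool, build_block(forced, other, position)))
    included = forced in results
    return included, results.get(forced, False)
```

Anyone monitoring forced-inclusion transactions should therefore check the execution status of the transaction, not only that it appears in a block.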
Decentralized sequencers are gradually gaining attention. For example, projects like Espresso and Astria are building shared sequencer networks to enhance resilience and interoperability.
One of the core concepts is "Pre-Confirmations": the sequencer or shared network can commit in advance that a transaction will be included, even if it has not yet been finally confirmed on Ethereum. This can reduce the latency that decentralization introduces, giving users faster assurance while maintaining neutrality.
Nevertheless, centralized sequencers still dominate because they are simple, profitable, and more attractive to institutions, at least until competition or user demand forces them to change.
2 Governance and Incentive Risks: Corporate L2
The operators of Rollups are crucial. Many leading Rollups are operated by teams backed by companies or venture capital, such as Base by Coinbase, Arbitrum by Offchain Labs, and Optimism by OP Labs.
The primary obligation of these teams is to be accountable to shareholders and investors, rather than to Ethereum's social contract.
Shareholder Responsibility → Profit Pressure: Fees start low to attract users, then rise as liquidity and applications become locked in (a typical "platform tax" model). In the future, there may be higher sequencer fees, priority integrations, or rules that favor the operator's wider business.
Lock-in Effect → Leverage: As billions of dollars are locked and user accumulation increases, the exit costs rise, allowing operators to change the economy or policies with limited migration risks.
Cultural Dislocation: Ethereum relies on public development meetings, multi-client diversity, and open governance (such as EIPs). In contrast, enterprise Rollups tend to favor top-down management, often possessing admin keys or multi-signature authority, which allows them to pause, upgrade, or freeze the system—prioritizing compliance or profitability over neutrality. Over time, these Rollups may resemble "walled gardens" rather than Ethereum's open ecosystem.
As a result, the gap between Ethereum's open ethos and the incentives that shape enterprise Rollups keeps widening. This gap not only affects governance but also extends to the way applications interact and to the overall system experience for users.
3 Composability and User Experience
The "magic" of Ethereum lies in its atomic composability: smart contracts can read and write synchronously in a single transaction (for example: swapping assets via Uniswap while repaying Aave debt and triggering actions on Maker). However, L2 breaks this composability:
Asynchronicity: There may be delays in cross-Rollup messages, official withdrawals may take several days, and third-party bridging increases trust assumptions.
Isolation: Liquidity and state are dispersed across different L2s, weakening the seamless DeFi user experience on Ethereum.
What is the solution?
Ethereum's native rollup (designed and governed according to Layer-1 standards) can achieve synchronous reading from L2 to L1, synchronous writing from L1 to L2, and atomic cross-rollup writing, thereby expanding block space while restoring much of Layer-1's composability. Without these features, the user experience (UX) will continuously gravitate towards convenience layers that are not secured by Ethereum.
The Future of Rollups
If "secured by Ethereum" is to be more than a slogan, core security must rest on Layer 1, rather than depend on off-chain committees or a single company's sequencer. The following three design concepts illustrate the potential of this trend:
Native Rollup: Move verification completely to Ethereum
Instead of requiring users to trust independent fraud proof systems, unverifiable zero-knowledge proofs (zk provers), or security committees, a native Rollup provides a transaction trace that Ethereum can independently re-execute.
In effect, this makes withdrawals and state correctness a right enforced by Layer 1, rather than a promise: if the Rollup claims your balance is X, Ethereum can directly verify that claim.
This design reduces the attack surface of the bridge, decreases the reliance on pause keys, and keeps Rollup aligned with Ethereum's future upgrades.
The trade-off of this design is a higher cost on Layer 1, but the benefit is simple: decisions are made by Layer 1 when disputes arise.
No native Rollup has launched yet.
Based Rollup: Sequencing by Ethereum Validators
Today, a single sequencer can reorder or delay transactions, which is enough to undermine the "force inclusion" mechanism in practice.
With a based-sequencing design, the canonical order of transactions is determined by Layer 1 consensus, making censorship and last-minute reordering more difficult.
Forced inclusion becomes the normal path rather than a slow safety valve. Projects can incorporate "pre-confirmations" to maintain a smooth user experience while leaving Layer 1 as the final arbiter of ordering.
This design sacrifices some of Layer 2's revenue and flexibility, but eliminates the biggest single point of control in the current architecture.
The core teams currently researching based Rollup designs include Taiko, Spire, and Puffer.
Keystore Rollup: Addressing Key and Upgrade Risks
Instead of each Rollup and application handling account recovery, session keys, and key rotation independently, a minimal "keystore" Rollup standardizes this logic and synchronizes it everywhere.
Users can rotate or recover keys in one place, and the changes propagate to all Layer 2s. Operators need fewer emergency keys, and administrators need fewer "super permission" (god-mode) switches.
The end result is fewer compromised wallets, fewer emergency upgrades after incidents, and a clearer separation between account security and application logic.
The keystore Rollup design is currently only at the theoretical stage and has not launched yet.
In summary, these design concepts collectively address the practical problems faced by users: a withdrawal mechanism that relies on trust, transaction ordering controlled by a single company, and fragile key and upgrade paths.
Bringing verification, sequencing, and account security into the Ethereum framework is how Rollups can make "secured by Ethereum" a reality rather than just a slogan.