DEV Community

Mhammed Talhaouy

🧵 Understanding L1s, L2s, and Rollups

If you’re building or auditing smart contracts today, understanding where your code executes is just as important as what it does.

Let’s break down Layer 1s, Layer 2s, and Rollups from a technical and security lens 👇


⚙️ Layer 1 (L1)

Definition: The base blockchain — e.g. Ethereum, Solana, Bitcoin.
It handles consensus, data availability, and execution.

  • For devs: You deploy directly on the L1. Think Ethereum mainnet.
  • For auditors: L1s have the strongest security guarantees — but execution is costly, and attack surfaces are well-known.

Examples: Ethereum, Solana, Avalanche, Bitcoin.


⚡ Layer 2 (L2)

Definition: A protocol built on top of an L1 to scale it — usually by moving execution off-chain and posting data or proofs back to the L1.

L2s inherit security from the L1, but optimize throughput and cost.

  • For devs: You deploy on an L2 like Arbitrum, Optimism, or Base, using the same EVM tooling.
  • For auditors: Key risks shift from on-chain contract logic to bridge security, sequencer assumptions, and proof verification.

🔁 Rollups

Rollups are the dominant design for L2s today.
They “roll up” many transactions, execute them off-chain, and post a single compressed proof or data batch to L1.

Two major flavors:

  1. Optimistic Rollups — assume transactions are valid; fraud proofs can challenge invalid ones.
    Examples: Optimism, Arbitrum.

  2. ZK-Rollups — use zero-knowledge proofs to prove correctness of batches.
    Examples: zkSync, StarkNet, Scroll.

  • For devs: Deployment often mirrors L1 contracts, but watch for subtle differences in gas accounting, precompiles, and bridging.
  • For auditors: Verify data availability guarantees, proof system integrity, and bridge contracts — the weak link between layers.
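The optimistic flow and the data-availability point above, as an added toy model (not code from the original post or from any rollup project). Every name and value in it is hypothetical, and the fraud proof is simplified to full re-execution of the batch rather than the interactive protocols production rollups use.

```python
# Toy optimistic-rollup model (added illustration; every name here is hypothetical).
import hashlib
import json

CHALLENGE_WINDOW = 10  # L1 blocks a batch stays challengeable (constructed value)

def state_root(balances):
    """Commit to the whole L2 state with one hash (stand-in for a Merkle root)."""
    return hashlib.sha256(json.dumps(balances, sort_keys=True).encode()).hexdigest()

def execute(balances, txs):
    """Deterministic L2 execution: apply transfers, skipping any that overdraw."""
    state = dict(balances)
    for sender, to, amount in txs:
        if amount > 0 and state.get(sender, 0) >= amount:
            state[sender] -= amount
            state[to] = state.get(to, 0) + amount
    return state

class L1Inbox:
    """What the L1 side keeps per batch: tx data, claimed post-state root, post height."""
    def __init__(self):
        self.batches = []

    def post_batch(self, txs, claimed_root, l1_block):
        # Optimistic: the claimed root is accepted without executing anything on L1.
        self.batches.append({"txs": txs, "root": claimed_root, "posted": l1_block})
        return len(self.batches) - 1

    def challenge(self, idx, pre_state, l1_block):
        """Read-only check: re-execute the published batch and compare roots."""
        batch = self.batches[idx]
        if l1_block > batch["posted"] + CHALLENGE_WINDOW:
            return "too late: batch is final"
        if batch["txs"] is None:
            return "cannot challenge: tx data not available on L1"
        if state_root(execute(pre_state, batch["txs"])) == batch["root"]:
            return "claim is valid"
        return "fraud proven: claimed root does not match re-execution"

def demo():
    genesis = {"alice": 100, "bob": 0}             # constructed sample state
    txs = [("alice", "bob", 30)]                   # constructed sample batch
    honest = state_root(execute(genesis, txs))
    forged = state_root({"alice": 0, "bob": 100})  # a state the batch never produces
    l1 = L1Inbox()
    ok = l1.post_batch(txs, honest, l1_block=1)
    bad = l1.post_batch(txs, forged, l1_block=1)
    hidden = l1.post_batch(None, forged, l1_block=1)  # root posted, data withheld
    return [l1.challenge(i, genesis, b) for i, b in ((ok, 5), (bad, 5), (bad, 20), (hidden, 5))]
```

The last two results are the ones an auditor should focus on: the same forged root becomes final if nobody challenges inside the window, and it cannot be challenged at all when the batch data was never published.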

🧩 Why It Matters

As a developer, you care about:

  • Cost → L2s are cheaper.
  • Throughput → Rollups scale better.
  • Compatibility → Many L2s are EVM-equivalent.

As an auditor, you care about:

  • Trust assumptions → Is the rollup fully decentralized?
  • Upgradability → Who can pause or upgrade the bridge?
  • Data security → Is transaction data actually available on L1?

🧠 TL;DR

| Layer | Executes | Posts Data To | Security From | Example |
|---|---|---|---|---|
| L1 | On-chain | Itself | Native consensus | Ethereum |
| L2 | Off-chain | L1 | L1 (via proofs) | Arbitrum, zkSync |
| Rollup | Off-chain batch | L1 | L1 + proof validity | Optimism, StarkNet |

🔍 Final Thought

L1s are about security.
L2s are about scalability.
Rollups are about trust minimization.

When developing or auditing across these layers, know your execution context — that’s where most hidden risks live.
