What Are Blockchains Layers 0, 1, and 2?
A blockchain is a complex, multi-layered system. Bitcoin, the original blockchain, maintained a distributed and decentralized digital ledger on top of a peer-to-peer network. Later blockchains, like Ethereum, added complexity by integrating smart contract functionality and the technology needed to support these programs that run on top of the blockchain.
In addition to these various layers within a blockchain, there is now the concept of Layer 0, 1, and 2 blockchain solutions. Each of these “layers” is intended to describe a particular function that has been added to or abstracted from the blockchain.
In the Beginning, There Was Only Layer 1
When Bitcoin — and many other blockchain platforms — was created, there was no concept of Layer 0 or Layer 2 solutions. Bitcoin, Ethereum, and similar blockchains are examples of what would today be called a Layer 1 blockchain.
Layer 1 blockchains are standalone solutions designed to maintain a distributed and decentralized digital ledger and potentially support smart contracts. To varying degrees, blockchains are based on the design of Bitcoin. Blockchains use a peer-to-peer network to communicate, organize transactions into blocks, use a consensus algorithm to achieve agreement on the contents of a particular block, and “chain” blocks together by including the hash of the previous block in the header of the next. The details of the various blockchains can differ significantly, but they all clearly have a common ancestor.
Layer 2 Solutions Address Layer 1 Limitations
The leading blockchain platforms, such as Bitcoin and Ethereum, are good at their jobs. However, they are far from perfect solutions and have their limitations. For example, Bitcoin has significant energy consumption and a slow block rate. Ethereum, in its current form, has a low transaction bandwidth that can lead to the blockchain being overwhelmed.
Layer 2 blockchain solutions are designed to address some of the limitations of blockchain platforms without replacing these platforms entirely. Instead, Layer 2 blockchain solutions perform off-chain activities that are then recorded on-chain. Two common examples of Layer 2 blockchain solutions are state channels and sidechains.
A state channel is established via an on-chain transaction that funds the channel with cryptocurrency from one or both participants. After the channel is established, the participants can perform off-chain transactions by changing the balance of the allocated assets in the channel. The channel can be closed by either participant with an on-chain transaction that records the current balance of cryptocurrency in the channel and releases the locked cryptocurrency accordingly.
State channels provide the ability to make instantaneous transactions with near-infinite scalability. Since only the opening and closing transactions are recorded on-chain, there is no need to wait for intermediate transactions to be recorded in blocks, and the blockchain is not bloated with these transactions. State channels also enable indirect transactions by allowing value transfers between multiple point-to-point state channels.
A blockchain like Bitcoin has the benefit of being well-established with strong security. However, it lacks support for smart contracts, has a relatively slow block rate, and has other limitations.
Sidechains address these limitations by linking a blockchain like Bitcoin to another blockchain (called a sidechain). This is commonly accomplished using bridges like Binance Bridge, cBridge, or AnySwap. To transfer assets between chains, a user sends them to a particular address on one chain, and, after the transaction is approved, the corresponding assets are unlocked on the other chain.
Sidechains offer the potential to dramatically increase the scalability of a blockchain system by allowing transactions to be recorded on another chain. They also interconnect the ecosystem of blockchains, allowing blockchain users to take advantage of the various benefits of different blockchains by transferring their assets between them using blockchain bridges. For example, a user may store assets on Bitcoin for greater security but transfer them to other chains to use smart contracts deployed on those blockchains.
Layer 0 Increases Blockchain Interoperability
Blockchains like Bitcoin, Ethereum, and many others were built largely independently of one another. While modern blockchains are all based on the design of Bitcoin, the implementation details vary dramatically. Also, many blockchains introduce new functionality or new takes on existing functions, such as the introduction of smart contract support in Ethereum or the creation of new consensus algorithms such as Proof of Stake.
The problem with the creation of completely independent blockchain systems is interoperability. In the beginning, all smart contract platforms wanted to be “Ethereum killers”. Now, Ethereum’s longevity and market share have made interoperability the major goal. Other smart contract platforms are linking via Layer 2 solutions as well as attempting to develop support for the Ethereum Virtual Machine (EVM) to enable smart contracts developed for Ethereum to run on other platforms and vice versa.
Layer 0 blockchain platforms are intended to make it easier to build and integrate blockchains by providing the building blocks needed to do so. Layer 0 protocols like Cosmos and Polkadot provide tools for developing Layer 1 blockchains and enable integration and communication between various blockchains within their ecosystems. For example, blockchains built within the Polkadot ecosystem (called parachains) can communicate internally via the Polkadot Relay Chain or use the Layer 2 protocol’s bridges to connect to non-Polkadot blockchains (such as Bitcoin or Ethereum).
Introduction to Layer 0, 1, and 2 Blockchain Security
The introduction of Layer 0 and Layer 2 concepts to the blockchain ecosystem increases the complexity of discussing blockchain security. For example, blockchains like Bitcoin and Ethereum have no Layer 0; all of the functionality of the blockchain is implemented at Layer 1. In contrast, blockchains built on Polkadot or Cosmos have split core functionality between Layers 0 and 1.
Regardless of whether a blockchain is implemented independently (like Bitcoin) or via a Layer 0 protocol, certain security risks exist, including:
- Cryptography: Blockchain security is heavily dependent on the security of hash functions and digital signatures. If a blockchain uses an insecure hash or digital signature algorithm or the algorithm that it uses is broken in the future, then the security of the entire blockchain ecosystem falls apart.
- Consensus: Blockchain consensus algorithms are designed to ensure that all nodes in the blockchain network agree on the current state of the digital ledger while protecting against cheating. The relative security of different blockchain consensus algorithms (such as Proof of Work vs. Proof of Stake) is hotly debated.
- Node Security: Blockchains are implemented as software running on a computer. If the blockchain software contains vulnerabilities or the host node is infected with malware, then these security risks can affect both the node and the blockchain network as a whole.
- Network Security: Blockchain nodes communicate over a peer-to-peer network that is sparsely connected. If an attacker can intercept or block communications between nodes, they can perform a Denial of Service (DoS) attack on the blockchain or threaten consensus security.
- Smart Contract Security: Many modern blockchains are designed to support the execution of Turing-complete programs on top of the blockchain (i.e. smart contracts). These smart contracts could have design errors or implementation flaws that place them and their users at risk. Most cyberattacks against the blockchain occur at the smart contract level.
Many of these security risks could be considered as Layer 1 security risks since they exist in independent blockchains like Bitcoin and Ethereum as well as blockchains created using Layer 0 protocols. However, the introduction of Layer 0 and Layer 2 protocols can create additional threats to blockchain security.
Layer 0 Security
Layer 0 protocols are designed to abstract away the details of implementing a blockchain by exposing pre-built modules to a blockchain developer. They also provide the ability to communicate with other blockchains within the Layer 0 ecosystem.
By using a Layer 0 protocol, blockchains accept certain security risks, such as:
- Centralization: Blockchains implemented using Cosmos, Polkadot, or other Layer 0 protocols all depend on shared modules, infrastructure, etc. This centralizes significant power in the hands of the team behind the Layer 0 protocols, creating the potential for supply chain attacks, targeting by cyber threat actors, or internal abuse of this power.
- Vulnerable Code: With a Layer 0 platform, many blockchains may be implemented using the same modules. If these modules contain design errors, implementation flaws, or exploitable vulnerabilities, they can affect multiple different blockchains. For example, an error in CosmWasm’s implementation of the Bech32 specification impacted the security of smart contracts hosted on 20+ blockchains.
- Complexity: Layer 0 protocols are designed to create a complex ecosystem of interoperable blockchains. This makes security analysis more difficult and creates the potential for attacks that take advantage of undesirable and unintentional interactions between the various blockchains within the Layer 0 ecosystem.
- Ease of Use: Layer 0 platforms make it possible to implement a blockchain with much less knowledge and understanding of the technology than is required to write one from scratch. This is good for expanding access to blockchain technology and encourages the use of well-tested, more secure modules rather than custom code. However, it also creates the potential that blockchain code will be cobbled together without a full understanding of how it actually works, resulting in code that is insecure, inefficient, or otherwise less functional.
Layer 2 Security
Layer 2 protocols such as state channels and sidechains are designed to improve the scalability, throughput, and other aspects of a blockchain. However, they can also introduce security risks.
Some of the security risks associated with state channels include:
- Off-Chain Transactions: The transactions performed between the parties in a state channel are not recorded on the blockchain’s digital ledger. This means that they are only indirectly protected by blockchain immutability.
- Denial of Service Attacks: A transaction can only be made between two parties if there is a path between them via state channels that have enough capacity for the transfer. An attacker that refuses transactions or sufficiently unbalances state channels could render a transaction impossible.
- Blocked Disputes: When a state channel is closed by a single party, the other has the opportunity to dispute the final state of the channel. A DoS attack against that account could prevent a dispute transaction from being registered within the dispute window, allowing theft of some of the value stored within the channel.
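The state channel lifecycle described earlier (on-chain open, off-chain updates, on-chain close) and the dispute window from the last item can be modelled in a few lines. This is an added example, not code from the original article or from any real channel implementation: the Channel class, the party names, the block heights and the use of HMAC in place of real digital signatures are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo keys. HMAC stands in for a real digital signature scheme.
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}

def sign(party, nonce, balances):
    msg = f"{nonce}|{sorted(balances.items())}".encode()
    return hmac.new(KEYS[party], msg, hashlib.sha256).hexdigest()

def co_signed(nonce, balances):  # off-chain state update signed by both parties
    sigs = {p: sign(p, nonce, balances) for p in KEYS}
    return {"nonce": nonce, "balances": balances, "sigs": sigs}

class Channel:
    """Hypothetical on-chain channel contract, modelled in memory."""
    def __init__(self, deposits, dispute_window):
        self.total = sum(deposits.values())   # funds locked by the opening transaction
        self.window = dispute_window          # blocks during which a close can be disputed
        self.pending, self.close_height = None, None

    def _valid(self, s):
        sigs_ok = all(hmac.compare_digest(s["sigs"].get(p, ""),
                                          sign(p, s["nonce"], s["balances"])) for p in KEYS)
        return sigs_ok and sum(s["balances"].values()) == self.total

    def close(self, state, height):
        if self.pending is not None or not self._valid(state):
            return False
        self.pending, self.close_height = state, height
        return True

    def dispute(self, state, height):
        if self.pending is None or height > self.close_height + self.window:
            return False
        if not self._valid(state) or state["nonce"] <= self.pending["nonce"]:
            return False
        self.pending = state                  # newer co-signed state wins
        return True

    def settle(self, height):
        done = self.pending is not None and height > self.close_height + self.window
        return self.pending["balances"] if done else None

def run(dispute_height):
    ch = Channel({"alice": 5, "bob": 5}, dispute_window=10)
    ch.close(co_signed(1, {"alice": 8, "bob": 2}), height=100)   # stale state
    accepted = ch.dispute(co_signed(2, {"alice": 3, "bob": 7}), height=dispute_height)
    return accepted, ch.settle(height=111)
```

A dispute that lands inside the window (run(105)) settles on the newer balances, while one delayed past it (run(111)) is rejected and the stale state pays out, which is why the availability of the disputing party during the window is a security property of the channel.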
Sidechains, implemented using blockchain bridges, can also create security risks, such as:
- Centralization: Often, a blockchain bridge is implemented and managed by a small number of parties that approve transactions between chains. This centralization can be exploited by an attacker. For example, the Ronin Network was the victim of the largest hack in DeFi history to date due to an attacker compromising 5 of the bridge’s 9 validating nodes and using this power to approve fake transactions.
- Cross-Bridge Effects: Blockchain bridges enable integration of multiple different blockchains, which can amplify the effects of an attack. For example, Hundred Finance lost $3.3 million when an attack on the Meter.io blockchain bridge locally depreciated BNB.bsc on Binance Smart Chain. Attackers acquired the tokens at a low price and used them as collateral for loans with Hundred Finance — which used the higher global Chainlink price — to extract more valuable assets.
- Bridge-Focused Exploits: Bridges must be properly integrated into multiple blockchains to correctly read deposits on one blockchain and release funds on another. If an attacker can trick a bridge into accepting a fake deposit, they can drain value from the bridge contract. This occurred in the Wormhole hack where the attacker created a transaction that exploited a flaw in signature validation by the bridge to drain $326 million from the bridge with a fake deposit.
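The checks a bridge's release path has to make before unlocking funds can be shown as a validator quorum over a deposit attestation. This is an added example, not code from the original article or from any bridge named above, and it does not reproduce the specific flaws in those incidents: the Bridge class, the validator names, the deposit fields and the use of HMAC in place of real signatures are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed 9-member validator set with demo keys. HMAC stands in for real signatures.
VALIDATORS = {f"v{i}": f"demo-key-{i}".encode() for i in range(1, 10)}
THRESHOLD = 5  # 5-of-9 quorum, the size the Ronin example above describes
FIELDS = ("src_chain", "tx_id", "recipient", "amount")

def attest(name, key, deposit):
    # The signed message binds every field of the deposit, not just its id.
    msg = "|".join(str(deposit[f]) for f in FIELDS).encode()
    return name, hmac.new(key, msg, hashlib.sha256).hexdigest()

class Bridge:
    """Hypothetical release-side bridge logic, modelled in memory."""
    def __init__(self):
        self.released = set()

    def release(self, deposit, attestations):
        ref = (deposit["src_chain"], deposit["tx_id"])
        if ref in self.released:
            return "rejected: replay"
        signers = set()  # a set, so a repeated signature counts once
        for name, sig in attestations:
            key = VALIDATORS.get(name)
            if key and hmac.compare_digest(sig, attest(name, key, deposit)[1]):
                signers.add(name)
        if len(signers) < THRESHOLD:
            return f"rejected: {len(signers)} of {THRESHOLD} signers"
        self.released.add(ref)
        return "released"

def demo():
    dep = {"src_chain": "chain-A", "tx_id": "tx-constructed-1",
           "recipient": "addr-1", "amount": 100}   # constructed sample deposit
    four = [attest(n, VALIDATORS[n], dep) for n in ("v1", "v2", "v3", "v4")]
    fifth = attest("v5", VALIDATORS["v5"], dep)
    bridge = Bridge()
    return [
        bridge.release(dep, four + [four[0]]),                    # duplicate signer
        bridge.release(dep, four + [attest("v99", b"x", dep)]),   # not in validator set
        bridge.release(dict(dep, amount=10**6), four + [fifth]),  # signed a different amount
        bridge.release(dep, four + [fifth]),                      # valid quorum
        bridge.release(dep, four + [fifth]),                      # same deposit again
    ]
```

The quorum check cannot tell a compromised validator key from an honest one, so the size and independence of the validator set remain part of the bridge's security.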
Taking a Holistic Approach to Blockchain Security
Often, security audits of blockchain systems focus on the smart contract level where many attacks against the blockchain occur. However, the various levels of the blockchain ecosystem can impact the security of smart contracts running on a platform or the blockchain as a whole. For example, Layer 2 exploits against blockchain bridges commonly have an impact on DeFi protocols due to their effects on the value of tokens on different blockchains.
Securing the blockchain requires considering all layers of the blockchain ecosystem and their security. This includes taking into account the effects that Layer 0 and Layer 2 protocols can have on the security of a blockchain system.
For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.
He held multiple interim CISO and technology leadership roles in Global 2000 companies.