Decentralized Finance (DeFi) on Ethereum can be powerful—but it can also be slow, expensive, and frustrating. As the popularity of Ethereum has risen, the network has struggled to keep up. Users new to DeFi are often surprised to find themselves paying $10 in gas fees—and waiting 30 minutes— when simply moving $5 in tokens.
That is why layer 2s (L2s) were created. L2s are a layer on top of Ethereum; they are fast and cheap, but still leverage the decentralization and security of the Ethereum base layer.
The goal of L2s is to enable the blockchain use cases that Ethereum cannot handle such as on-chain gaming, mass minting of low-cost NFTs, and what we are concerned with here—DeFi.
But how do you get started with DeFi and L2s? In this article, we will look at the two key steps you need—on-ramps that move your fiat to crypto assets and bridging that moves those crypto assets from Ethereum to an L2. We will look at what exactly these are, how to do them, and how to protect yourself against their inherent risks.
First, to fully take advantage of DeFi, you need digital assets on a blockchain. US dollars (or JPY, EUR, etc.) sitting in a bank won’t work. You need assets that can be stored in the ledger of a blockchain.
On-ramps are services that allow you to convert your fiat into digital (or crypto) assets on the blockchain. On-ramps give you the ability to deposit fiat and get back an equal (or close to equal if they charge a fee) amount of digital assets.
For example, you would use an on-ramp to move the US dollars in your bank account into USDC tokens (a digital dollar) that exist on Ethereum so that you could start using DeFi.
In the context of L2s, on-ramps refers to the process of moving assets from a Layer 1 (L1) such as Ethereum to an L2 and is known as bridging.
Bridging is how you move digital assets between blockchain networks. For example, if you own USDC on Ethereum, and you want to use that USDC on the L2 Linea, you have to bridge those USDC tokens from the Ethereum chain to the Linea chain.
Bridging effectively removes the asset from the ledger (and your wallet) on the first chain and adds it to the ledger (and your wallet) on the second chain. Bridging can be complicated. For example, tokens can have multiple versions on different L2s, some tokens have to be wrapped when moving to an L2, and some tokens don’t even exist on certain L2s.
But bridging is a necessary step when using DeFi on an L2. So it is critical that when you use a bridge, you understand the process.
Let’s take a look at the process of bridging from L1 to L2.
Deposit assets: The first step in the on-ramps process is depositing your digital assets such as ETH or any other tokens that you wish to move to an L2 into a specific smart contract on an L1. This smart contract is known as a deposit or a lock-up contract.
Confirm deposit: Once the deposit contract is created on the L1, the L2 network monitors the L1 for the confirmation of that contract. Once it confirms that the smart contract has indeed been created, it mints a corresponding amount of the same token on the L2.
Transact on L2: Once the tokens have been created on the L2, you are now ready to do any transactions on the network.
If you wish to move your tokens back to the L1, you can initiate a withdrawal. Similar to the process described above, the L2 will burn the assets they had minted and once this is confirmed by the L1, it moves back the assets on the main blockchain.
It is important to understand the risks involved with bridging and on-ramps, and to use secure practices to help protect your assets. Blockchain is new, and while the user experience and security practices are improving daily, user mistakes and malicious hacks are still common.
Some of the most important risks to be aware of are:
Smart contract bugs - Smart contracts are complicated and often handle millions of dollars in digital assets. The motivation for hackers to find and exploit bugs is high. For example, if a smart contract incorrectly updates the balance of your assets after they have been bridged, it could lead to a loss of the missing amount on the L2.
Another way that malicious users could exploit bugs is if a smart contract uses a multi-sig wallet to secure the bridging process, any bugs in the implementation of these features could allow an attacker to bypass the security measures. Always consider who created the smart contract, if it has been audited, and how long the contract has existed. Most projects provide this information on their websites. Many blockchain projects are open source and the contributors to those projects post this information on GitHub. Another way to get information about smart contracts is through blockchain explorers such as Etherscan and Blockchair.
Centralization risks - At the heart of crypto and DeFi is the idea of decentralization—there is no bank, no company, and no authority that controls the blockchains or your tokens. But many of the DeFi platforms (and some of the L2s) are owned, built by, or controlled by centralized companies. For example, if a bridge uses a multi-sig wallet for security, but all the signatories required to approve transactions are controlled by a single entity, it could lead to an instance of halting withdrawals or even misuse of funds.
Liquidity risks - There are many tokens available on many L2s. Because the landscape is so varied, you may find that due to low liquidity, it is difficult to sell or exchange your tokens at their market value. Liquidity for tokens ranges widely among L2s, even for mainstream tokens. Let’s take a look at an example. If a large number of users try to withdraw their tokens from an L2 back to an L1, it could overwhelm the bridge capacity. This could lead to delays in withdrawal or high costs of withdrawal. This is especially true during times of high market volatility, when a number of users are looking to move their assets. So be aware of any such liquidity constraints before you choose a token or L2.
Relay chain risks - In the context of L2s, the relay chain is the main L1 that the L2 is built upon. This relay chain is responsible for securing and validating the transactions on the L2 network. If the relay chain itself is experiencing issues such as congestion, high gas fees, or security vulnerabilities. For example, if a relay chain becomes congested, it could slow down the process of depositing and withdrawing assets from the corresponding L2 through a bridge. Or if the relay chain’s transaction fees become too high, it could in turn make the bridge expensive to use.
Oracle risks - Oracles are third-party services that allow smart contracts to interact with external information and data. For example, an oracle may provide the smart contract with information on the price of the assets being bridged.One example of oracle risk is the fact that a bridge may not function as it is intended to if the oracle provides incorrect data or does not provide the required information in a timely fashion.
Reentrancy attacks - A reentrancy attack on a blockchain happens when a malicious actor repeatedly calls a function in a smart contract before the original function call has finished executing. Think of the smart contract as a vendor giving out tickets. Imagine that a malicious actor asks the vendor for one ticket, and as they are providing the ticket, they ask them for change. Now, while they are busy getting the change for the buyer, the latter pockets the first ticket and later tells them that they never provided you with that ticket. They agree with you and give you a second ticket. So you end up getting two tickets for the price of one. This is the reentrancy attack. If a smart contract is not properly secured, the chances of a reentrancy attack increase.
Front-running attacks - A front-running attack is an attack where a hacker looks at a pending transaction on the network, and submits their own transaction with a higher gas fee to ensure it gets processed first. In the case of L2s, this is how it would work. A malicious actor front-runs a transaction and could manipulate the price of the assets being bridged, leading to financial loss.
So how do you protect yourself against the risks? Some best practices include:
Use trusted platforms - There are many DeFi platforms (and L2s), with new ones being created often. While some of these platforms come from well-known and trusted organizations, many are not. The popularity of developer anonymity in crypto means you often don’t know who has created a project. Unless you are an advanced user and willing to risk your funds, stick with trusted platforms and companies that have proven themselves over the years.
Diversify your investments and the platforms you use - For the same reasons as above, use a variety of investments and platforms. Not only can crypto values swing wildly, but platforms come and go. Be sure you spread your risk in case of hacks, dropping values, or malicious teams.
Stay educated - Crypto moves fast. Luckily there is an abundance of information available, ranging from the blogs of companies you trust, news sites, and crypto Twitter/X. Take advantage of trusted sources to stay educated and up to date.
Bridging and on-ramps are the critical first steps to entering the world of DeFi. But they can also be challenging and risky. Protect yourself and your investments by understanding how they work and how best to use them before you get started.
You can explore this concept in more detail, and other aspects of DeFi, by participating in the Linea DeFi Voyage. The six-week Voyage is designed to give all levels of web3 users an opportunity to explore DeFi, in an intuitive, immersive, and educational manner.