Layer 2: Bridges, Tokens and Fungibility

Sam MacPherson
5 min readJan 26, 2022


Eric Wall tweeted this out the other day:

It prompted me to consider how one might deploy a token (or dapp) entirely on one L2 with the plan to expand out to L1 or other L2s later. Clearly the experience Eric outlined above is not great, so let’s figure out what it means to be L2-first in this new world.

In particular the issue that Eric & co ran into was that they couldn’t “withdraw” to L1 when creating a token on L2 first.

The term “withdraw” here is important because it has a very specific meaning. Let’s start by considering the current standard practise of expanding out of Ethereum onto an L2. It looks something like this:

Here we have the two most basic operations of cross-chain bridging: depositing on the left and withdrawing on the right.

In the left example the token (DAI in this case) is locked into the L1 side of the Arbitrum token bridge. A message is then passed between the chains and a new token is minted on the L2 side which we will call “Arbitrum DAI”. Please note these tokens are not the same. They may look and feel the same, but they are not. This action is called a “deposit”.

In the right example we do the opposite and burn previously minted “Optimism DAI”, send a message from L2->L1 which tells the L1 bridge to release previously locked DAI. This action is called “withdraw”.

To the end user this feels like there is one token “DAI” that is jumping between chains. Most of the time this mental model is okay, but if you are deploying a new token you should be aware of the subtleties.

First, the differentiation between wrapped versions of the token and the root token itself. In the above example the root token lives on L1 and is considered the “real DAI”. There can only be one chain that hosts the root token. All bridges can do is mint another token that is later redeemable for the originally deposited DAI. This is the exact same relation between ETH and WETH.

Now one of the consequences of having all wrapped tokens being redeemable for the root token is that the total supply of any wrapped token must be less than or equal to the amount of the root token locked in the bridge. As long as this relation holds the tokens are effectively fungible (ignoring 7 day delay).

Now let’s switch to the case where the root token is deployed on Arbitrum first.

As you can see the choice of where to put the token root is rather arbitrary. You can construct a tree branching out into every other chain from either L1 or L2. If we pick Arbitrum for the token root, we can stick there without touching L1 (avoiding crazy high gas fees) until we are ready.

There are two important pieces to keep in mind when picking where to locate your root token:

  1. Security

Remember back to the fungibility point above. If there is ever a theft of the tokens locked inside any of the bridges along that bridge-chain then the minted tokens are no longer backed and you lose fungibility. This can happen for any number of reasons, but it’s important to keep in mind that the strength of your token’s security is only as strong as the weakest blockchain. This is why Ethereum is a great candidate for a root token because it can directly bridge to most other blockchains with one hop, and it’s arguably one of the most secure in and of itself.

However, if we believe in the security model of L2s to inherit Ethereum’s security then there should be effectively no difference in security to deploy the root token to an L2 instead. For these smaller projects it makes much more sense to start out on an L2 and ignore Ethereum altogether due to the gas fees.

2. Minting Rights

Due to the asynchronous nature of cross-chain communication we cannot provide guarantees about token supply if multiple chains are allowed to mint whenever they want.

If you extend the ability to mint beyond the root chain then you can wind up in situations where the amount of tokens locked in the bridge becomes less than the total supply of the minted tokens. This breaks redeem-ability and thus fungibility with the root token. We do not want this.

A common practice is to pre-mint the root token into the bridge and inform “Some Other Minting Rights Contract” on the other side that they are good to mint those wrapped tokens into existence based on arbitrary logic as long as it does not exceed the amount allotted. This is how you allow for minting on multiple chains at once. This is easy enough for fungible tokens, but NFTs present some challenges as you may not know which tokens will be minted in advance. I’ll leave that to others as I am not an NFT expert.

In summary, I think there is a mental model switch that needs to occur where we stop thinking of Ethereum as the root of everything and instead get comfortable living entirely in a rollup. There is almost no doubt in my mind that this will be the standard in a year or two.



Sam MacPherson

Protocol Engineering @ MakerDAO. Co-founder and CTO of BellwoodStudios — making unique gaming experiences.