Every major Layer 2 network pitches itself as “inheriting Ethereum’s security.” The pitch is technically defensible — the underlying transaction data does get posted to Ethereum mainnet, making it tamper-proof in a meaningful sense. But the claim often slides from “inherits Ethereum’s security” to the much stronger claim of “is decentralized,” and that’s where the gap starts to widen.
The uncomfortable reality is that as of 2026, nearly every major L2 network still relies on a single company running a single sequencer, with upgrade authority held by a small multisig. Whether that makes them “centralized” depends on how precisely you define the word — but it’s a debate that’s gotten sharp, and the community is paying more attention to it than ever.
What Decentralization Actually Means for an L2
Decentralization in an L2 has four distinct components. Most discussions conflate them.
1. Sequencer decentralization — Who decides which transactions are included and in what order? On most major L2s today, the answer is one entity. Arbitrum’s sequencer is Offchain Labs. Optimism’s sequencer is OP Labs. Base’s sequencer is Coinbase. zkSync Era’s sequencer is Matter Labs. StarkNet’s sequencer is StarkWare. These are single points of control over transaction ordering and inclusion.
2. State validity — Who proves that the state transitions are correct? Here, the answer is better: ZK rollups (zkSync, StarkNet, Scroll, Polygon zkEVM) publish cryptographic proofs to Ethereum that mathematically verify every state transition. Optimistic rollups (Arbitrum, Optimism, Base) rely on fraud provers — challengers who post a bond and submit a challenge if they see invalid state. Both approaches are a meaningful improvement over a single trusted entity.
3. Upgrade authority — Who can change the protocol? This is the most underappreciated risk. Almost all major L2s can be upgraded by a “Security Council” — typically a multi-signature wallet held by 8–12 people affiliated with the founding company. On Arbitrum, the Security Council can upgrade the core contracts with a 9-of-12 vote within about 3 days. On Optimism, two multisigs — the Optimism Foundation multisig and the Security Council — can bypass the onchain governance process entirely in an “upgrade path.” The ARB or OP governance token doesn’t give holders the ability to block an emergency upgrade.
4. Exit guarantees — If the sequencer censors your transaction or disappears, can you get your money out? In theory, yes: most major L2s have an “escape hatch” or “force-inclusion” mechanism that lets users submit transactions directly to L1. In practice, these mechanisms are untested at scale, and activating them requires users to interact with relatively obscure L1 contracts.
L2Beat’s Staging System
L2Beat — the leading independent L2 analytics site — built a three-tier staging system specifically to answer this question. As of mid-2026, almost no major L2 has reached the highest trust tier.
| Stage | What It Means | Who’s There |
|---|---|---|
| Stage 0 | Rollup posts data to L1 but is operator-controlled. Users can verify state but not override sequencer. | Most new rollups |
| Stage 1 | Fraud proofs or validity proofs are live. A Security Council can still bypass provers with a threshold vote. Escape hatch exists. | Arbitrum One, Optimism, Base, zkSync Era (as of late 2025) |
| Stage 2 | No Security Council override. Smart contracts fully control upgrades. Fraud/validity proof system is the final authority. | No major L2 as of 2026 |
Stage 2 is the goalpost for what most people mean when they say “fully decentralized rollup.” No major L2 has hit it yet. Several teams have announced Stage 2 roadmaps, but the technical requirements — a fully battle-tested proof system with no Security Council override to fall back on — are genuinely hard to build safely.
The Sequencer Bottleneck
The sequencer problem is real but often overstated by critics and dismissed too quickly by L2 advocates.
What a centralized sequencer can do:
- Front-run your transaction within the L2 (though most sequencers have committed to not doing this)
- Delay or soft-censor your transaction (though forced inclusion exists as a backstop)
- Go offline — halting the chain for minutes or hours, as has happened on Arbitrum, Optimism, and Base
What a centralized sequencer cannot do:
- Steal your funds — the state is verified by Ethereum, so invalid withdrawals would be rejected
- Prevent you from withdrawing — forced inclusion lets you bypass the sequencer after a delay, typically 24 hours to 7 days
The honest version is that sequencer centralization is a liveness risk and censorship risk, not a funds safety risk — assuming the proofs and the escape hatch work. That’s a meaningful distinction, but it doesn’t mean the risk is zero. A sequencer going offline has caused genuine disruption.
The Upgrade Key Problem
The harder question is upgrade authority.
If a malicious actor (or a compromised insider) at Offchain Labs, Matter Labs, StarkWare, or OP Labs could push through a protocol upgrade that re-routes funds, the “inherits Ethereum’s security” argument starts to collapse — because the protocol layer itself could be swapped out from under users. A malicious upgrade pushed through a Security Council could, in theory, include a backdoor.
This is why L2Beat treats the Security Council composition as a key risk factor. A 9-of-12 multisig where most signers are employees of the same company is categorically different from a 9-of-12 multisig with geographically distributed, publicly identified, independent members.
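The difference between those two councils can be put in numbers. The sketch below is an added illustration, not L2Beat's methodology or any project's code: it counts how few organisations must cooperate to pass, or to block, an upgrade on a threshold multisig. The signer names, affiliations and the `council_risk` function are constructed for the example.

```python
from collections import Counter

def _orgs_needed(org_sizes, target):
    """Fewest organisations whose combined signers reach `target`.
    Taking the largest blocs first is optimal for this count."""
    held = 0
    for count, size in enumerate(org_sizes, start=1):
        held += size
        if held >= target:
            return count
    return None  # target exceeds the number of signers

def council_risk(signers, threshold):
    """signers: dict mapping signer name -> affiliated organisation.
    Returns concentration metrics for a threshold-of-n multisig."""
    n = len(signers)
    if not 1 <= threshold <= n:
        raise ValueError("threshold must be between 1 and the signer count")
    org_sizes = sorted(Counter(signers.values()).values(), reverse=True)
    return {
        "largest_bloc": org_sizes[0],
        # Organisations that must agree for an upgrade to pass.
        "orgs_to_approve": _orgs_needed(org_sizes, threshold),
        # An upgrade fails once n - threshold + 1 signers refuse.
        "orgs_to_block": _orgs_needed(org_sizes, n - threshold + 1),
        "single_org_control": org_sizes[0] >= threshold,
    }

# Constructed councils, both 9-of-12 (not real signer data).
CONCENTRATED = {f"signer{i}": "FounderCo" for i in range(9)}
CONCENTRATED.update(
    {"signer9": "AuditorA", "signer10": "AuditorB", "signer11": "Community"}
)
INDEPENDENT = {f"signer{i}": f"Org{i}" for i in range(12)}

if __name__ == "__main__":
    for name, council in (("concentrated", CONCENTRATED),
                          ("independent", INDEPENDENT)):
        print(name, council_risk(council, threshold=9))
```

Both councils report the same 9-of-12 threshold, yet in the first a single organisation can approve an upgrade alone, while the second needs nine separate organisations to approve and four to block.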
The response from most L2 teams is that: (a) the Security Council exists for emergency incident response, not routine operation; (b) the teams are publicly known and would face legal and reputational consequences for abuse; and (c) governance token holders can vote to change the council. That’s a reasonable defense, but it’s a trust-based argument, not a trustless one.
Why Stage 2 Is Hard
Getting to Stage 2 means removing the Security Council’s ability to bypass the proof system. That’s genuinely risky if the proof system has a bug — there would be no emergency brake.
For optimistic rollups, this means the fraud-proof system must be fully deployed, battle-tested, and funded with enough challengers watching the chain to catch every invalid state transition. For ZK rollups, this means the proof system must be audited to the point where the team is confident a bug in it couldn’t lead to fund loss — a high bar for complex cryptographic systems.
Most teams have said explicitly that they want to reach Stage 2 but won’t rush it, because shipping a Stage 2 system with a proof bug would be catastrophically worse than shipping a Stage 1 system with a Security Council backstop.
The Community Debate
Crypto Twitter and Ethereum forums have reliably litigated this for years, and the positions haven’t shifted much.
The optimistic camp argues that L2s are meaningfully more trustworthy than centralized exchanges (CEXes), where funds can be frozen or stolen with no recourse, and that the trust assumptions are clear and improving. Sequencer decentralization is “coming soon” on the roadmap for most major L2s (Optimism’s shared sequencer work, Espresso Systems integration, etc.).
The skeptical camp argues that “the roadmap is always 6–12 months out” and that users are currently operating with significant hidden centralization risk that isn’t reflected in the way L2s are marketed. The argument that “at least it’s not a CEX” is too low a bar.
The pragmatist position — probably the most accurate — is that the current state reflects a genuine engineering tradeoff: shipping a decentralized sequencer or a provably correct proof system before it’s ready could lose user funds. The centralization exists because the technology is hard, not because the teams are malicious.
What This Means for Users
If you’re holding significant assets in an L2 today, here’s what you’re actually trusting:
- That the sequencer doesn’t go offline and strand your funds (liveness risk)
- That the Security Council doesn’t execute a malicious upgrade (upgrade risk)
- That the escape hatch mechanism you’ve never tested actually works under pressure
- That the L1 data availability means your assets are ultimately recoverable
For most users, most of the time, these risks are small. But they’re real, and they’re largely invisible in how L2s are marketed to new users.
The standard worth tracking is L2Beat’s Stage 2. When a major L2 hits it — no Security Council override, fully deployed proof system — that will be an inflection point worth noting. Until then, “inherits Ethereum’s security” is accurate engineering language and should not be mistaken for “fully decentralized.”
Sources
- L2Beat — L2 Staging System — the Stage 0/1/2 classification system and per-L2 risk ratings referenced throughout this article.
- Arbitrum — Security Council — official documentation on the Arbitrum Security Council’s composition and voting threshold.
- Optimism — Security Model — OP Stack security assumptions and upgrade authority documentation.
- L2Beat — Risk Factors Explained — methodology for how L2Beat classifies sequencer risk, upgrade risk, and exit guarantees.
- Ethereum.org — Layer 2 Rollups — foundational reference for what data availability guarantees L2s do and do not inherit from Ethereum.