Hey @wdai, I have been very interested in these topics.
Conceptually, any general-purpose Layer 2 should be able to provide a secure messaging layer that allows bridge native L2 assets to L1; follow the exact procedure as we secure bridging L1 assets into L2. For example, the OP Stack address this possibility, and it would be as straightforward as it is today for L1 token bridging: anyone can create a token representation that follows the required interface (commonly via a factory) and then make a deposit into the bridge contract on the origin chain. The underlying message-passing protocol will ensure that the message arrives and is valid. These mechanisms may vary depending on how the L2s implement their respective canonical bridges, but in principle, if the security model can be assumed, then both directions could be equivalent.
Importantly, I believe a key aspect of bridged tokens, including this case, is how the token is implemented and managed in each chain where it isn’t native to meet the expected use cases and fulfill the owner’s requirements. We can distinguish two major groups (intermediates can still exist):
- Classic bridged tokens: When the token is sent to another domain, the issuer/owner will not have any rights over the new representations. This is ideal if the user wants full ownership, provided that the backing is guaranteed, or when the token does not have a “responsible” party. The security model of each representation will solely depend on the security model implemented by the domain.
- Sovereign tokens: The issuer/owner wants to have full control of its implementation. A generalized solution for this is, for example, xERC20, where any issuer can be set, and it is not limited to third-party bridges; canonical or any other method can also work. Others decide to build their own infrastructure, such as Circle.
So, I believe that regardless of the issuer/owner’s choice (which is a critical decision), these current models ensure that a token can move into any domain and that 1:1 transfers are always achieved with any security model. I think many pain points include UX aspects such as times, user actions, and end implementations. I would love to know your thoughts and ideas to achieve better interoperability flows and more elegant token issuing mechanisms.