Existing Layer 2 (L2) blockchain protocols exhibit significant architectural and security-assumption heterogeneity, lacking a unified formal framework for compositional and cross-paradigm security analysis. Method: We propose the first general L2 security framework grounded in the IITM-UC model, modeling L2 protocols as state machines interacting with users and the underlying ledger. The framework supports modular, composable security analysis across payment channels, sidechains, and rollups via abstraction and parameterization of protocol logic, enabling trace-based security verification while flexibly capturing adversarial scheduling, timing constraints, and base-layer assumptions. Contribution/Results: We instantiate the framework to formally analyze Brick, Liquid, and Arbitrum, revealing critical differences in dispute-resolution latency, computational/storage offloading mechanisms, and trust assumptions. Our analysis establishes foundational security design principles and benchmarks for L2 systems, enabling rigorous, systematic comparison and verification of protocol properties.

Layer 2 (L2) solutions are the cornerstone of blockchain scalability, enabling high-throughput and low-cost interactions by shifting execution off-chain while maintaining security through interactions with the underlying ledger. Despite their common goals, the principal L2 paradigms -- payment channels, rollups, and sidechains -- differ substantially in architecture and assumptions, making it difficult to comparatively analyze their security and trade-offs. To address this, we present the first general security framework for L2 protocols. Our framework is based on the IITM-based Universal Composability (iUC) framework, in which L2 protocols are modeled as stateful machines interacting with higher-level protocol users and the underlying ledger. The methodology defines a generic execution environment that captures ledger events, message passing, and adversarial scheduling, and characterizes security through trace-based predicates parameterized by adversarial capabilities and timing assumptions. By abstracting away from protocol-specific details while preserving critical interface and execution behavior, the framework enables modular, protocol-agnostic reasoning and composable security proofs across a wide range of L2 constructions. To demonstrate its applicability, we analyze an example from each of the three dominant L2 scaling paradigms: a payment channel (Brick), a sidechain (Liquid Network), and a rollup (Arbitrum). By instantiating each within our framework, we derive their security properties and expose trade-offs. These include the time for dispute resolution, distribution of off-chain storage and computation, and varying trust assumptions (e.g., reliance on honest parties or data availability). Our framework unifies the analysis of diverse L2 designs and pinpoints their strengths and limitations, providing a foundation for secure, systematic L2 development.