With the Lightning network, L2 is basically a database between only 2 parties that are required to be online during the transaction. It's not possible to double spend in that situation.
There's the possibility of double spending by committing to the bitcoin blockchain an old version of your "database", but then you would face the penalty of having your entire balance confiscated by the other party.
> but then you would face the penalty of having your entire balance confiscated by the other party.
Only if the other party notices in time that you did this. You are reliant on active monitoring of the blockchain to know that your transactions actually happened. And the more you want to scale (i.e. the more transactions you do on a single Lightning channel without settling it on the BTC blockchain), the bigger the risk becomes.
Yes, but as long as you monitor, double spending is not possible. And it's possible to use tools to do that somewhat passively.
There are conditions on every payment system. With bitcoin you also have something to do to prevent double spending: wait for some number of confirmations (and making sure you're on the right chain).
And "double-spend protection guarantees of blockchains" is very dependent on the cost of doing a 51% attack, so it's not strong by itself. It's very strong in bitcoin only because the quantity of hashrate/money required to do one is astronomical. It's not so strong on small blockchains.
And I fail to see how the risk increases with more transactions on a single lightning channel.
My point is that Lightning has additional failure modes that BTC does not, and Lightning in itself does not offer the guarantees that Bitcoin does. It of course also suffers from all of BTC's failure points - if someone successfully does a 51% attack on BTC, they can implicitly also steal any Lightning funds as well. If you close a Lightning channel and then don't wait for enough confirmations, or you broadcast your cheating transaction and don't wait for enough confirmations, you can clearly lose your money.
The risk doesn't increase with the number of transactions on a channel, that was a wrong statement from my side. What I was thinking of is that the risk increases the more your transact through Lightning instead of regular BTC. Basically, the more of your BTC is caught up in Lightning channels, the higher the value of attacking you with a double spend attempt.
This is automated, no one is proposing to manually look at BTC blocks to see if you are getting cheated. The problem is that you need to explicitly run code constantly to check if this happens - which means that if your monitoring agent goes offline for any reason (which an attacker could perhaps force), your BTC that you received in a Lightning channel may be stolen.
Okay, so it's an attack vector but one that can be mitigated against by implementing redundancy.
I would argue that Lightning's biggest security issue is having to store your private keys on an Internet connected device. I don't know if further improvements can be made in this area, for example allowing for some kind of 2FA, like multi-sig on the base layer.
So this statement is "you can scale blockchain tech by using another tech in its place that doesn't offer the same guarantees".