Just because a it is a L2 switch does not mean it cannot look beyond the mac-address of the packet. For example IGMP snooping is a feature enabled on many L2 switches but IGMP itself is a L3 function. So a number of features on L2 switches require the switch to look at more than the ethernet header to function properly. So just because it cannot route does not mean it cannot look into the payload for certain features.
If you know about firewalls think of like a stateful firewall such as the ASA which handles the majority of packets by simply looking at the IP and port numbers but for certain applications it can further at the the actual commands used in the application.
The only thing i couldn't verify was that by turning on DHCP snooping does that mean that on untrusted ports every broadcast must "inspected" to see whether it was a DHCP packet or not ? I suspect it does so hopefully it is implemented in hardware.
*** Edit - i just found an Ask the Expert event on DHCP snooping and apparently DHCP snooping is not implemented on hardware but software which is surprising. This would suggest the switch does not inspect every broadcast but then unless it does i can't see how it knows it is a DHCP packet.