A removed module that was never disabled retains its active permissions in the protocol’s state machine.
Attackers can exploit this to reactivate deprecated modules (e.g., backdoors, legacy governance) or trigger unexpected interactions with other components.
The 2022 @QubitFin $80M hack exploited a bridge contract that retained minting permissions after being deprecated.
Use tools like @CertoraInc to mathematically prove operation-order invariants.
Emit granular logs for every state transition (e.g., ModuleDisabled, ModuleRemoved).
Integrate with monitoring tools like @FortaNetwork to flag out-of-order operations in real time.
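
A minimal monitor for the ordering rule above, as an added example that is not from the original thread and does not use the Forta SDK: it replays module lifecycle events and flags any that arrive out of order. `ModuleDisabled` and `ModuleRemoved` are the events named above; `ModuleEnabled`, `ModuleCalled`, the module names and the sample log are constructed for illustration.

```python
from enum import Enum

class State(Enum):
    UNKNOWN = "unknown"
    ACTIVE = "active"
    DISABLED = "disabled"
    REMOVED = "removed"

# event -> (states it may legally fire from, state it leads to).
# ModuleEnabled and ModuleCalled are assumed event names for this sketch.
TRANSITIONS = {
    "ModuleEnabled": ({State.UNKNOWN, State.DISABLED}, State.ACTIVE),
    "ModuleCalled": ({State.ACTIVE}, State.ACTIVE),
    "ModuleDisabled": ({State.ACTIVE}, State.DISABLED),
    "ModuleRemoved": ({State.DISABLED}, State.REMOVED),
}

def find_order_violations(events):
    """Replay (block, module, event) tuples; return out-of-order findings."""
    state, findings = {}, []
    # Stable sort: events within one block keep their input (log) order.
    for block, module, name in sorted(events, key=lambda e: e[0]):
        if name not in TRANSITIONS:
            continue  # unrelated event
        current = state.get(module, State.UNKNOWN)
        allowed_from, next_state = TRANSITIONS[name]
        if current not in allowed_from:
            findings.append((block, module, name, current.value))
            # An out-of-order removal still removes the module; any other
            # illegal event leaves the tracked state as it was.
            if name != "ModuleRemoved":
                continue
        state[module] = next_state
    return findings

# Constructed sample log, not real chain data.
SAMPLE_EVENTS = [
    (100, "legacy_bridge", "ModuleEnabled"),
    (101, "legacy_governance", "ModuleEnabled"),
    (120, "legacy_governance", "ModuleDisabled"),
    (121, "legacy_governance", "ModuleRemoved"),  # disabled first: fine
    (130, "legacy_bridge", "ModuleRemoved"),      # removed while active
    (145, "legacy_bridge", "ModuleCalled"),       # removed module still used
    (150, "legacy_governance", "ModuleEnabled"),  # removed module reactivated
]

if __name__ == "__main__":
    for block, module, name, was in find_order_violations(SAMPLE_EVENTS):
        print(f"ALERT block {block}: {name} on {module} while {was}")
```

A module flagged as removed stays removed in the tracker, so every later call or re-enable keeps alerting instead of only the first one.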