m0-foundation · toninorair · Apr 11, 2024 · Apr 2, 2024 · Apr 11, 2024 · Apr 11, 2024
diff --git a/src/MinterGateway.sol b/src/MinterGateway.sol
@@ -74,6 +74,7 @@ contract MinterGateway is IMinterGateway, ContinuousIndexing, ERC712Extended {
         uint40 updateTimestamp;
         uint40 penalizedUntilTimestamp;
         uint40 frozenUntilTimestamp;
+        uint40 latestProposedRetrievalTimestamp;
     }
 
     /* ============ Variables ============ */
@@ -228,6 +229,7 @@ contract MinterGateway is IMinterGateway, ContinuousIndexing, ERC712Extended {
             revert RetrievalsExceedCollateral(updatedTotalPendingRetrievals_, currentCollateral_);
         }
 
+        minterState_.latestProposedRetrievalTimestamp = uint40(block.timestamp);
         minterState_.totalPendingRetrievals = updatedTotalPendingRetrievals_;
         _pendingCollateralRetrievals[msg.sender][retrievalId_] = safeCollateral_;
 
@@ -580,6 +582,11 @@ contract MinterGateway is IMinterGateway, ContinuousIndexing, ERC712Extended {
         return _minterStates[minter_].penalizedUntilTimestamp;
     }
 
+    /// @inheritdoc IMinterGateway
+    function latestProposedRetrievalOf(address minter_) external view returns (uint40) {
+        return _minterStates[minter_].latestProposedRetrievalTimestamp;
+    }
+
     /// @inheritdoc IMinterGateway
     function getPenaltyForMissedCollateralUpdates(address minter_) external view returns (uint240) {
         uint112 penaltyPrincipal_ = _getPenaltyPrincipalForMissedCollateralUpdates(minter_);
@@ -866,13 +873,20 @@ contract MinterGateway is IMinterGateway, ContinuousIndexing, ERC712Extended {
      * @param newTimestamp_ The timestamp of the collateral update.
      */
     function _updateCollateral(address minter_, uint240 amount_, uint40 newTimestamp_) internal {
-        uint40 lastUpdateTimestamp_ = _minterStates[minter_].updateTimestamp;
+        MinterState storage minterState_ = _minterStates[minter_];
 
-        // MinterGateway already has more recent collateral update
-        if (newTimestamp_ <= lastUpdateTimestamp_) revert StaleCollateralUpdate(newTimestamp_, lastUpdateTimestamp_);
+        // The earliest allowed timestamp for a collateral update is the maximum of the last update timestamp and the latest proposed retrieval timestamp.
+        uint40 earliestAllowedTimestamp_ = UIntMath.max40(
+            minterState_.updateTimestamp,
+            minterState_.latestProposedRetrievalTimestamp
+        );
+
+        if (newTimestamp_ <= earliestAllowedTimestamp_) {
+            revert StaleCollateralUpdate(newTimestamp_, earliestAllowedTimestamp_);
+        }
 
-        _minterStates[minter_].collateral = amount_;
-        _minterStates[minter_].updateTimestamp = newTimestamp_;
+        minterState_.collateral = amount_;
+        minterState_.updateTimestamp = newTimestamp_;
     }
 
     /* ============ Internal View/Pure Functions ============ */

diff --git a/src/interfaces/IMinterGateway.sol b/src/interfaces/IMinterGateway.sol
@@ -165,8 +165,8 @@ interface IMinterGateway is IContinuousIndexing, IERC712 {
     ///         If `validators`, `signatures`, `timestamps` lengths do not match.
     error SignatureArrayLengthsMismatch();
 
-    /// @notice Emitted when calling `updateCollateral` if Minter Gateway has more fresh collateral update.
-    error StaleCollateralUpdate(uint40 newTimestamp, uint40 lastCollateralUpdate);
+    /// @notice Emitted when updating collateral with a timestamp earlier than allowed.
+    error StaleCollateralUpdate(uint40 newTimestamp, uint40 earliestAllowedTimestamp);
 
     /// @notice Emitted when calling `deactivateMinter` with a minter still approved in TTG Registrar.
     error StillApprovedMinter();
@@ -362,6 +362,9 @@ interface IMinterGateway is IContinuousIndexing, IERC712 {
     /// @notice The timestamp until which minter is already penalized for missed collateral updates.
     function penalizedUntilOf(address minter) external view returns (uint40);
 
+    /// @notice The timestamp when `minter` created their latest retrieval proposal.
+    function latestProposedRetrievalOf(address minter) external view returns (uint40);
+
     /// @notice The penalty for missed collateral updates. Penalized once per missed interval.
     function getPenaltyForMissedCollateralUpdates(address minter) external view returns (uint240);
 
@@ -386,10 +389,10 @@ interface IMinterGateway is IContinuousIndexing, IERC712 {
         address minter
     ) external view returns (uint48 mintId, uint40 createdAt, address destination, uint240 amount);
 
-    /// @notice The minter's proposeRetrieval proposal amount
+    /// @notice The amount of a pending retrieval request for an active minter.
     function pendingCollateralRetrievalOf(address minter, uint256 retrievalId) external view returns (uint240);
 
-    /// @notice The total amount of active proposeRetrieval requests per minter
+    /// @notice The total amount of pending retrieval requests for an active minter.
     function totalPendingCollateralRetrievalOf(address minter) external view returns (uint240);
 
     /// @notice The timestamp when minter becomes unfrozen after being frozen by validator.