diff --git a/src/neo/SmartContract/Helper.cs b/src/neo/SmartContract/Helper.cs
index 202cd862e3..0cecf54f8f 100644
--- a/src/neo/SmartContract/Helper.cs
+++ b/src/neo/SmartContract/Helper.cs
@@ -80,7 +80,7 @@ private static bool IsMultiSigContract(byte[] script, out int m, out int n, List
             switch (script[i])
             {
                 case (byte)OpCode.PUSHINT8:
-                    if (n != script[++i]) return false;
+                    if (script.Length <= i + 1 || n != script[++i]) return false;
                     ++i;
                     break;
                 case (byte)OpCode.PUSHINT16:
@@ -94,9 +94,9 @@ private static bool IsMultiSigContract(byte[] script, out int m, out int n, List
                 default:
                     return false;
             }
+            if (script.Length != i + 6) return false;
             if (script[i++] != (byte)OpCode.PUSHNULL) return false;
             if (script[i++] != (byte)OpCode.SYSCALL) return false;
-            if (script.Length != i + 4) return false;
             if (BitConverter.ToUInt32(script, i) != ApplicationEngine.Neo_Crypto_CheckMultisigWithECDsaSecp256r1)
                 return false;
             return true;
diff --git a/tests/neo.UnitTests/SmartContract/UT_Helper.cs b/tests/neo.UnitTests/SmartContract/UT_Helper.cs
new file mode 100644
index 0000000000..d2216ef83c
--- /dev/null
+++ b/tests/neo.UnitTests/SmartContract/UT_Helper.cs
@@ -0,0 +1,31 @@
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Neo.SmartContract;
+
+namespace Neo.UnitTests.SmartContract
+{
+    [TestClass]
+    public class UT_Helper
+    {
+        [TestMethod]
+        public void TestIsMultiSigContract()
+        {
+            var case1 = new byte[]
+            {
+                0, 2, 12, 33, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221,
+                221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 221, 12, 33, 255, 255, 255, 255,
+                255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+                255, 255, 255, 255, 255, 255, 255, 255, 0,
+            };
+            Assert.IsFalse(case1.IsMultiSigContract());
+
+            var case2 = new byte[]
+            {
+                18, 12, 33, 2, 111, 240, 59, 148, 146, 65, 206, 29, 173, 212, 53, 25, 230, 150, 14, 10, 133, 180, 26,
+                105, 160, 92, 50, 129, 3, 170, 43, 206, 21, 148, 202, 22, 12, 33, 2, 111, 240, 59, 148, 146, 65, 206,
+                29, 173, 212, 53, 25, 230, 150, 14, 10, 133, 180, 26, 105, 160, 92, 50, 129, 3, 170, 43, 206, 21, 148,
+                202, 22, 18
+            };
+            Assert.IsFalse(case2.IsMultiSigContract());
+        }
+    }
+}