diff --git a/pkg/services/rpcsrv/params/param.go b/pkg/services/rpcsrv/params/param.go
index e0a56db3f..29d390648 100644
--- a/pkg/services/rpcsrv/params/param.go
+++ b/pkg/services/rpcsrv/params/param.go
@@ -399,6 +399,9 @@ func (p Param) GetSignersWithWitnesses() ([]transaction.Signer, []transaction.Wi
 	if err != nil {
 		return nil, nil, err
 	}
+	if len(hashes) > transaction.MaxAttributes {
+		return nil, nil, errors.New("too many signers")
+	}
 	signers := make([]transaction.Signer, len(hashes))
 	witnesses := make([]transaction.Witness, len(hashes))
 	// try to extract hashes first
diff --git a/pkg/services/rpcsrv/params/param_test.go b/pkg/services/rpcsrv/params/param_test.go
index dfe0d2f3f..d7d866e53 100644
--- a/pkg/services/rpcsrv/params/param_test.go
+++ b/pkg/services/rpcsrv/params/param_test.go
@@ -496,6 +496,15 @@ func TestParamGetSigners(t *testing.T) {
 		require.True(t, u2.Equals(actual[1].Account))
 	})
 
+	t.Run("overflow", func(t *testing.T) {
+		var hashes = make([]util.Uint256, transaction.MaxAttributes+1)
+		msg, err := json.Marshal(hashes)
+		require.NoError(t, err)
+		p := Param{RawMessage: msg}
+		_, _, err = p.GetSignersWithWitnesses()
+		require.Error(t, err)
+	})
+
 	t.Run("bad format", func(t *testing.T) {
 		p := Param{RawMessage: []byte(`"not a signer"`)}
 		_, _, err := p.GetSignersWithWitnesses()